
Pests of all kinds and how to combat them: Telekom Mobilfunk RechnungOnline for business customers

13.01.2014, 12:56   #1
Vayn
 
Hi,

one of our board members received the e-mail and opened it + attachment + unzipped it + clicked on the .exe.

(long live local admin rights)

This topic has already been answered a few times.
So here are the two scan reports right away, below.
I would be glad if you could take a look at this.

Best regards, Vayn

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 01
Ran by BrandlmaierH (administrator) on LP0272 on 13-01-2014 12:29:59
Running from C:\Users\brandlmaierh\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ESTOS GmbH) C:\Windows\System32\EACUSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\HealthService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Lenovo) C:\Program Files\Lenovo\QuickSnipService\QuickSnipInput.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-09-01] (Lenovo Group Limited)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [2645568 2012-11-08] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [572992 2012-10-17] (Lenovo Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [59392 2012-05-02] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] - C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21693208 2013-05-22] (ESTOS GmbH)
HKLM-x32\...\Run: [BMDNetClient_CISMOBMD01] - C:\ProgramData\BMDNTCS\BMDNTCSClients\CISMOBMD01\BMDNetClient.exe [40098512 2013-03-25] (BMD Systemhaus GmbH)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Policies\Explorer: [NoInplaceSharing] 1
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll,C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oem-ag.at/de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6EFCA717-53C4-4888-A244-60996FFDDF21} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM - {6EFCA717-53C4-4888-A244-60996FFDDF21} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - DefaultScope {6EFCA717-53C4-4888-A244-60996FFDDF21} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - {6EFCA717-53C4-4888-A244-60996FFDDF21} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKCU - DefaultScope {6EFCA717-53C4-4888-A244-60996FFDDF21} URL =
SearchScopes: HKCU - {6EFCA717-53C4-4888-A244-60996FFDDF21} URL =
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.112 192.168.200.110
Tcpip\..\Interfaces\{53E041E1-3449-4E3D-8287-EC74ACA87887}: [NameServer]194.48.128.199,194.48.139.254

FireFox:
========
FF ProfilePath: C:\Users\brandlmaierh\AppData\Roaming\Mozilla\Firefox\Profiles\g9i3d62o.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======
CHR HomePage: ttp://www.oem-ag.at/de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-08-14]
CHR Extension: (Google Drive) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-08-14]
CHR Extension: (YouTube) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-08-14]
CHR Extension: (Google Search) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-08-14]
CHR Extension: (Google Wallet) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 [2013-11-13]
CHR Extension: (Gmail) - C:\Users\brandlmaierh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-07-25]

==================== Services (Whitelisted) =================

U4 AdtAgent; C:\WINDOWS\system32\AdtAgent.exe [343936 2009-05-08] (Microsoft Corporation)
U2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
U2 EACUSrv; C:\WINDOWS\system32\EACUSrv.exe [7001928 2013-05-22] (ESTOS GmbH)
U3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [696120 2013-05-22] (ESTOS GmbH)
U2 HealthService; C:\Program Files\System Center Operations Manager 2007\HealthService.exe [30592 2009-05-08] (Microsoft Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
U2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.)
U2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.)
U2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [661056 2012-10-17] (Lenovo Corporation)
U2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
U2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [460864 2012-11-08] (Lenovo)
U2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [458304 2012-10-26] ()
U3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
U2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3015992 2012-12-06] (Trend Micro Inc.)
U3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-09-27] ()
U3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.)
U2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3117680 2013-01-16] (Trend Micro Inc.)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-11-26] (Intel Corporation)
U3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo)
U3 MbmLowExt; C:\Windows\System32\Drivers\MbmLowExt.sys [35840 2012-12-07] (Ericsson AB)
U3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [72704 2012-07-03] (Ericsson AB)
U3 MkBusFilter; C:\Windows\System32\drivers\MbmDeviceFilter.sys [40760 2012-12-05] (Ericsson AB)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
U1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
U3 RCUVCAVS; C:\Windows\system32\DRIVERS\RCUVCAVS.sys [149632 2012-08-02] (Ricoh co.,Ltd.)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
U2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U2 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
U1 tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
U3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [98104 2012-08-25] (Trend Micro Inc.)
U2 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
U2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
U2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
U3 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [80696 2012-11-22] (Trend Micro Inc.)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
U2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
U3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [230912 2013-04-09] (Microsoft Corporation)
U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 12:29 - 2014-01-13 12:30 - 00022892 _____ C:\Users\brandlmaierh\Downloads\FRST.txt
2014-01-13 12:29 - 2014-01-13 12:29 - 00000000 ____D C:\FRST
2014-01-13 12:28 - 2014-01-13 12:29 - 02075648 _____ (Farbar) C:\Users\brandlmaierh\Downloads\FRST64.exe
2014-01-13 11:30 - 2014-01-13 15:32 - 00159744 ____R C:\Users\brandlmaierh\AppData\Roaming\KB00560451.exe
2014-01-10 13:28 - 2012-11-26 11:40 - 00452432 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1c63x64.sys
2014-01-10 13:28 - 2012-08-09 12:56 - 00101224 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstC.dll
2014-01-10 13:28 - 2012-08-09 08:54 - 00073032 _____ (Intel Corporation) C:\WINDOWS\system32\e1cmsg.dll
2014-01-10 13:27 - 2014-01-10 13:28 - 00000000 ____D C:\WINDOWS\LastGood
2014-01-10 13:27 - 2014-01-10 13:27 - 01295184 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g1rs05ww_64.exe
2014-01-10 13:27 - 2014-01-10 13:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_MbmDevExt_01_11_00.Wdf
2014-01-10 13:27 - 2013-03-12 01:37 - 00252928 _____ (Ericsson AB) C:\WINDOWS\system32\MbmGpsRM.dll
2014-01-10 13:27 - 2012-12-07 02:02 - 00035840 _____ (Ericsson AB) C:\WINDOWS\system32\Drivers\MbmLowExt.sys
2014-01-10 13:27 - 2012-12-05 14:04 - 00040760 _____ (Ericsson AB) C:\WINDOWS\system32\Drivers\MbmDeviceFilter.sys
2014-01-10 13:27 - 2012-10-30 15:40 - 00035727 ____R C:\WINDOWS\ConnectionProfiles.dat
2014-01-10 13:24 - 2014-01-10 13:24 - 09866080 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wq12ww(1).exe
2014-01-10 13:24 - 2014-01-10 13:24 - 04771536 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wo09ww.exe
2014-01-10 13:18 - 2014-01-10 13:18 - 09866080 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wq12ww.exe
2014-01-10 12:37 - 2014-01-10 13:20 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1009147077-2056058590-998311098-4797
2014-01-10 12:33 - 2014-01-10 12:33 - 00000000 ____D C:\Users\svjankum\AppData\Roaming\Mozilla
2014-01-10 12:33 - 2014-01-10 12:33 - 00000000 ____D C:\Users\svjankum\AppData\Local\Mozilla
2014-01-07 09:37 - 2014-01-07 09:37 - 00029627 __RSH C:\ProgramData\ntuser.pol
2014-01-04 14:24 - 2014-01-04 14:33 - 00000000 ____D C:\Users\Public\CyberLink
2014-01-04 14:19 - 2014-01-04 14:19 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\WebApp
2014-01-04 13:32 - 2014-01-04 13:32 - 00000000 ____D C:\Users\brandlmaierh\Documents\CyberLink
2014-01-04 13:32 - 2014-01-04 13:32 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\CyberLink
2014-01-02 09:17 - 2014-01-02 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 08:53 - 2013-12-25 09:08 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\RavensburgerTipToi
2013-12-25 08:53 - 2013-12-25 08:53 - 00001103 _____ C:\Users\brandlmaierh\Desktop\tiptoi.lnk
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi

==================== One Month Modified Files and Folders =======

2014-01-13 15:32 - 2014-01-13 11:30 - 00159744 ____R C:\Users\brandlmaierh\AppData\Roaming\KB00560451.exe
2014-01-13 12:30 - 2014-01-13 12:29 - 00022892 _____ C:\Users\brandlmaierh\Downloads\FRST.txt
2014-01-13 12:29 - 2014-01-13 12:29 - 00000000 ____D C:\FRST
2014-01-13 12:29 - 2014-01-13 12:28 - 02075648 _____ (Farbar) C:\Users\brandlmaierh\Downloads\FRST64.exe
2014-01-13 12:26 - 2013-06-26 17:03 - 01181964 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-13 12:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-13 11:58 - 2013-07-25 09:41 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 10:55 - 2013-06-26 18:43 - 00000432 _____ C:\WINDOWS\system32\config\netlogon.ftl
2014-01-13 09:07 - 2013-07-17 13:27 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1009147077-2056058590-998311098-1359
2014-01-13 09:00 - 2013-06-26 17:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2014-01-13 08:58 - 2013-07-25 09:41 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 08:57 - 2013-06-26 12:01 - 00009908 _____ C:\WINDOWS\cfgall.ini
2014-01-13 08:57 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2014-01-10 13:45 - 2013-06-27 03:01 - 00791098 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-10 13:45 - 2013-06-27 03:01 - 00167722 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-10 13:45 - 2012-07-26 08:28 - 01847114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-10 13:28 - 2014-01-10 13:27 - 00000000 ____D C:\WINDOWS\LastGood
2014-01-10 13:27 - 2014-01-10 13:27 - 01295184 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g1rs05ww_64.exe
2014-01-10 13:27 - 2014-01-10 13:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_MbmDevExt_01_11_00.Wdf
2014-01-10 13:27 - 2013-12-05 11:05 - 00009743 _____ C:\WINDOWS\setupact.log
2014-01-10 13:24 - 2014-01-10 13:24 - 09866080 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wq12ww(1).exe
2014-01-10 13:24 - 2014-01-10 13:24 - 04771536 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wo09ww.exe
2014-01-10 13:20 - 2014-01-10 12:37 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1009147077-2056058590-998311098-4797
2014-01-10 13:18 - 2014-01-10 13:18 - 09866080 _____ (Lenovo Group Limited ) C:\Users\svjankum\Downloads\g7wq12ww.exe
2014-01-10 13:17 - 2013-12-05 11:17 - 00000000 ____D C:\Users\svjankum\AppData\Roaming\LSC
2014-01-10 12:44 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-10 12:33 - 2014-01-10 12:33 - 00000000 ____D C:\Users\svjankum\AppData\Roaming\Mozilla
2014-01-10 12:33 - 2014-01-10 12:33 - 00000000 ____D C:\Users\svjankum\AppData\Local\Mozilla
2014-01-07 09:37 - 2014-01-07 09:37 - 00029627 __RSH C:\ProgramData\ntuser.pol
2014-01-06 20:01 - 2013-07-17 13:29 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\LSC
2014-01-04 14:33 - 2014-01-04 14:24 - 00000000 ____D C:\Users\Public\CyberLink
2014-01-04 14:19 - 2014-01-04 14:19 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\WebApp
2014-01-04 13:32 - 2014-01-04 13:32 - 00000000 ____D C:\Users\brandlmaierh\Documents\CyberLink
2014-01-04 13:32 - 2014-01-04 13:32 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\CyberLink
2014-01-04 13:32 - 2013-06-26 17:14 - 00000000 ____D C:\ProgramData\CyberLink
2014-01-02 09:17 - 2014-01-02 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 08:48 - 2013-07-17 13:53 - 00000000 ____D C:\Users\brandlmaierh\AppData\Local\CrashDumps
2013-12-30 16:03 - 2013-07-22 13:50 - 00000000 ____D C:\Users\brandlmaierh\AppData\Local\Deployment
2013-12-25 09:08 - 2013-12-25 08:53 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\RavensburgerTipToi
2013-12-25 08:53 - 2013-12-25 08:53 - 00001103 _____ C:\Users\brandlmaierh\Desktop\tiptoi.lnk
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\Users\brandlmaierh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-12-25 08:53 - 2013-12-25 08:53 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi

Files to move or delete:
====================
C:\ProgramData\Lenovo-14435.vbs


Some content of TEMP:
====================
C:\Users\adminlp0272\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\adminlp0272\AppData\Local\Temp\xmlUpdater.exe
C:\Users\brandlmaierh\AppData\Local\Temp\COMAP.EXE
C:\Users\brandlmaierh\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\brandlmaierh\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\brandlmaierh\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\brandlmaierh\AppData\Local\Temp\nvStInst.exe
C:\Users\brandlmaierh\AppData\Local\Temp\tiptoi-install.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 09:03

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 01
Ran by BrandlmaierH at 2014-01-13 12:30:45
Running from C:\Users\brandlmaierh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

PowerDVD Create 10 (x32 Version: 10.0.1.2020 - CyberLink Corp.) Hidden
7-Zip 9.20 (x32 Version: - )
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Anzeige am Bildschirm (Version: 7.10.00 - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
BMDArchivExcel2010 (x32 Version: 2.1.40 - BMDSoftware\OfficeAddOn)
BMDArchivOutlook2010 (x32 Version: 2.1.40 - BMDSoftware\OfficeAddOn)
BMDArchivPowerPoint2010 (x32 Version: 2.1.40 - BMDSoftware\OfficeAddOn)
BMDArchivWord2010 (x32 Version: 2.1.40 - BMDSoftware\OfficeAddOn)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.08 - Piriform)
Clever (HKCU Version: 1.0.0.82 - OeMAGTools)
CyberLink Power2Go 7 (x32 Version: 7.0.0.3217 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4420.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4420.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4307 - CyberLink Corp.) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (Version: 1.00 - )
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
ESTOS ProCall (x32 Version: 4.1.11.22232 - ESTOS)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.0.0.19 (x32 Version: 1.0.0.19 - RICOH)
Intel AppUp(R) center (x32 Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections Drivers (Version: 18.0 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KontingentBearbeitungsOberflaeche (HKCU Version: 1.0.0.52 - OeMAGTools)
LastPass(Nur deinstallieren) (x32 Version: - LastPass)
Lenovo Auto Scroll Utility (Version: 1.34 - )
Lenovo Dependency Package (x32 Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (Version: 1.66.00.22 - )
Lenovo QuickLaunch (x32 Version: 1.2.0010 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (Version: 4.0.17.0 - Lenovo Corporation)
Lenovo Settings Dependency Package (Version: 1.0.5.6 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (Version: 1.0.0.26 - Lenovo)
Lenovo Solution Center (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Update (x32 Version: 5.00.0019 - Lenovo)
Lenovo User Guide (x32 Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (x32 Version: 1.0.0011.00 - Lenovo)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mobile Broadband Drivers (x32 Version: 8.0.10.1 - Ericsson AB)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Notepad++ (x32 Version: 5.9.8 - )
NVIDIA 3D Vision Treiber 312.69 (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 136.53 (Version: 136.53 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PowerDVD Create (x32 Version: 10.0 - CyberLink Corp.)
Ravensburger tiptoi (x32 Version: - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.22.18.02 (x32 Version: 2.22.18.02 - RICOH)
SES Driver (Version: 1.0.0 - Western Digital)
SQLXML4 (Version: 9.00.1399.06 - Microsoft Corporation)
SugarSync Manager (x32 Version: 1.9.80.99066 - SugarSync, Inc.)
System Center Essentials Configuration Helper (Version: 7.0.2432.0 - Microsoft Corporation)
System Center Operations Manager 2007 R2 Agent (Version: 6.1.7221.0 - Microsoft Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.4300 - Broadcom Corporation)
ThinkPad UltraNav Driver (Version: 16.2.19.7 - )
ThinkVantage Fingerprint Software (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.8 - Lenovo)
Trend Micro OfficeScan Client (x32 Version: 10.6.3205 - Trend Micro Inc.)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
WaveEditor (x32 Version: 1.0.1.4406 - CyberLink Corp.) Hidden
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows-Treiberpaket - Intel System (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (Version: 08/15/2012 1.66.00.07 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrv) System (08/16/2012 16.2.10.5) (Version: 08/16/2012 16.2.10.5 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (08/16/2012 16.2.10.5) (Version: 08/16/2012 16.2.10.5 - Synaptics)

==================== Restore Points =========================

12-12-2013 11:20:41 Geplanter Prüfpunkt
30-12-2013 09:18:41 Geplanter Prüfpunkt
06-01-2014 19:20:21 Geplanter Prüfpunkt
10-01-2014 12:26:58 Installiert Mobile Broadband Drivers

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-07-17 12:42 - 00001018 ____A C:\WINDOWS\system32\Drivers\etc\hosts
192.168.200.112 CISMODC01
192.168.200.113 CISMODC02
192.168.200.116 CISMOFS01
192.168.200.122 CISMOPRINT01
192.168.200.114 CISMOEX01
192.168.200.117 CISMOBMD01
192.168.200.124 CISMOTEL01


==================== Scheduled Tasks (whitelisted) =============

Task: {079258F7-BE76-4B01-819A-E3CF00017BB2} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {0AA314C9-A772-4DC5-86C2-A64D00DD4942} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29419E44-75DF-4781-9E01-4FC00F6DF1B2} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2012-07-13] (CyberLink Corp.)
Task: {3FD9117A-0EAE-4005-95F9-5E1CD8112D3E} - System32\Tasks\Lenovo\sysrun-25157 => C:\Users\brandlmaierh\AppData\Local\Temp\sysrun-25157.cmd <==== ATTENTION
Task: {42FA5991-3630-41AC-9962-CDA0EB5285AA} - System32\Tasks\Lenovo\sysrun-25385 => C:\Users\brandlmaierh\AppData\Local\Temp\sysrun-25385.cmd <==== ATTENTION
Task: {4804E6EE-DB4D-4B89-971D-0E5E3AA16910} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {50869874-BB59-416A-8FD3-5ECD41AC078B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {6019E693-B987-425D-B44E-B9485C73D182} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-24] (CyberLink)
Task: {68A9E9F5-3596-4DFE-8663-E37D545B44FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {70C4EE7C-7C87-491F-A9F4-EC8F30052DAA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {75DBB9F6-647D-44A0-A389-B226C2FB1E7A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8F18B10A-36B7-4DFB-BFB9-CE21D2AFEBCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {913184F8-3B90-4A18-BD31-D123E573B93D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2012-09-27] ()
Task: {9D0B961B-3F3E-4942-BC3D-21E6A5F75DC4} - System32\Tasks\Lenovo\Lenovo-14435 => C:\ProgramData\Lenovo-14435.vbs [2013-06-26] ()
Task: {9F7E58E5-7838-4ED8-869B-93DBBECCCD2A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ADA2C32D-A683-47B0-8604-0D43A328364B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B1B63F56-CE1D-49C1-9E9A-8326F6CC02CD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {B5E7707A-64C9-4B0A-BD18-D889DE8F4A86} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-07-25] (Dolby Laboratories Inc.)
Task: {BBD815F2-E78C-4491-BB7B-6D05FED07CBC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {C44510A1-44FB-49A3-88B2-09DF6128D582} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D8C0548D-C9F8-486E-80B3-D40159F6A88D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {D94FF244-9B74-44A4-B0C1-B7218A79C83C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {E9BF7075-E6E2-4053-A058-EB600965F0B5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 17:20 - 2012-11-01 20:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-27 02:54 - 2012-08-25 21:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-08 11:57 - 2007-05-16 10:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2013-05-08 11:57 - 2011-04-01 12:16 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-26 17:18 - 2012-10-15 19:10 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-06-26 17:18 - 2012-10-15 19:10 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-12-06 09:00 - 2013-12-06 09:00 - 00491008 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\48c2e4346c32df24c33f7a095339881c\Windows.Networking.ni.dll
2013-12-06 09:00 - 2013-12-06 09:00 - 00184832 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\387a593cd07b32b07cbdf0e94ae9a092\Windows.Foundation.ni.dll
2013-06-26 17:07 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-05-24 20:19 - 2012-05-24 20:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2012-05-24 20:19 - 2012-05-24 20:19 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-01-02 09:17 - 2014-01-02 09:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8010.86 MB
Available physical RAM: 5092.02 MB
Total Pagefile: 9226.86 MB
Available Pagefile: 5866.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:202.68 GB) (Free:48.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 224 GB) (Disk ID: E41428A0)

Partition: GPT Partition Type
==================== End Of Log ============================

13.01.2014, 13:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 



Hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


13.01.2014, 15:25   #3
Vayn
 


Unfortunately I can't manage to kill Trend Micro. My colleague has the password for deactivating it, and she is on vacation.
It is Trend Micro OfficeScan, and unfortunately this can be killed. Switching it off or anything else.. how much does that affect the result?

Best regards, Vayn

[CODE]
Combofix Logfile:
ComboFix 14-01-13.01 - SVJankuM 13.01.2014  14:45:13.2.8 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.43.1031.18.8011.5440 [GMT 1:00]
ausgeführt von:: c:\users\svjankum\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-13 bis 2014-01-13  ))))))))))))))))))))))))))))))
.
.
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\svjankum\AppData\Local\temp
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\brandlmaierh\AppData\Local\temp
2014-01-13 14:10 . 2014-01-13 14:10	--------	d-----w-	c:\users\adminlp0272\AppData\Local\temp
2014-01-13 13:53 . 2014-01-13 13:53	--------	d-----w-	c:\users\svjankum\AppData\Local\CrashDumps
2014-01-13 11:29 . 2014-01-13 11:29	--------	d-----w-	C:\FRST
2014-01-10 12:28 . 2012-11-26 10:40	452432	----a-w-	c:\windows\system32\drivers\e1c63x64.sys
2014-01-10 12:28 . 2012-08-09 11:56	101224	----a-w-	c:\windows\system32\NicInstC.dll
2014-01-10 12:28 . 2012-08-09 07:54	73032	----a-w-	c:\windows\system32\e1cmsg.dll
2014-01-10 12:27 . 2014-01-10 12:28	--------	d-----w-	c:\windows\LastGood.Tmp
2014-01-10 12:27 . 2012-12-05 13:04	40760	----a-w-	c:\windows\system32\drivers\MbmDeviceFilter.sys
2014-01-10 12:27 . 2013-03-12 00:37	252928	----a-w-	c:\windows\system32\MbmGpsRM.dll
2014-01-10 12:27 . 2012-11-30 12:29	216576	----a-w-	c:\windows\system32\drivers\UMDF\MbmGeolocationSensor.dll
2014-01-10 12:27 . 2012-12-05 12:42	118272	----a-w-	c:\windows\system32\drivers\UMDF\MbmDevExt.dll
2014-01-10 12:27 . 2012-12-07 01:02	35840	----a-w-	c:\windows\system32\drivers\MbmLowExt.sys
2014-01-10 12:26 . 2014-01-10 12:26	--------	d-----w-	c:\users\svjankum\AppData\Local\Programs
2014-01-10 12:25 . 2014-01-10 12:25	--------	d-----w-	C:\DRIVERS
2014-01-10 11:42 . 2014-01-10 11:42	--------	d-----w-	c:\users\svjankum\AppData\Local\Diagnostics
2014-01-10 11:33 . 2014-01-10 11:33	--------	d-----w-	c:\users\svjankum\AppData\Local\Mozilla
2014-01-04 13:24 . 2014-01-04 13:33	--------	d-----w-	c:\users\Public\CyberLink
2014-01-04 13:19 . 2014-01-04 13:19	--------	d-----w-	c:\users\brandlmaierh\AppData\Roaming\WebApp
2014-01-04 12:32 . 2014-01-04 12:32	--------	d-----w-	c:\users\brandlmaierh\AppData\Roaming\CyberLink
2013-12-25 07:53 . 2013-12-25 08:08	--------	d-----w-	c:\users\brandlmaierh\AppData\Roaming\RavensburgerTipToi
2013-12-25 07:53 . 2013-12-25 07:53	--------	d-----w-	c:\programdata\RavensburgerTipToi
2013-12-25 07:53 . 2013-12-25 07:53	--------	d-----w-	c:\program files (x86)\Ravensburger tiptoi
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-05 10:11 . 2013-12-05 10:11	59816	----a-r-	c:\users\brandlmaierh\AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe
2013-12-05 09:15 . 2013-06-26 11:34	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-05 22:58 . 2013-12-05 10:16	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-05 22:58 . 2013-12-05 10:16	694232	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-29 07:17 . 2013-12-05 10:06	961192	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-10-29 07:17 . 2013-12-05 10:06	7566624	----a-w-	c:\windows\system32\nvopencl.dll
2013-10-29 07:17 . 2013-12-05 10:06	6264144	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-10-29 07:17 . 2013-12-05 10:06	30496	----a-w-	c:\windows\system32\drivers\nvpciflt.sys
2013-10-29 07:17 . 2013-12-05 10:06	284448	----a-w-	c:\windows\system32\drivers\nvkflt.sys
2013-10-29 07:17 . 2013-12-05 10:06	26940704	----a-w-	c:\windows\system32\nvoglv64.dll
2013-10-29 07:17 . 2013-12-05 10:06	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-10-29 07:17 . 2013-12-05 10:06	20461344	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-10-29 07:17 . 2013-12-05 10:06	15051216	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-10-29 07:17 . 2013-12-05 10:06	12641480	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-10-29 07:17 . 2013-12-05 10:06	11137824	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-10-29 07:17 . 2013-12-05 10:06	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-10-29 07:17 . 2013-12-05 10:06	9393856	----a-w-	c:\windows\system32\nvcuda.dll
2013-10-29 07:17 . 2013-12-05 10:06	7935352	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-10-29 07:17 . 2013-12-05 10:06	2907936	----a-w-	c:\windows\system32\nvcuvid.dll
2013-10-29 07:17 . 2013-12-05 10:06	2723616	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-10-29 07:17 . 2013-12-05 10:06	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-10-29 07:17 . 2013-12-05 10:06	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-10-29 07:17 . 2013-12-05 10:06	1987360	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-10-29 07:17 . 2013-12-05 10:06	1814304	----a-w-	c:\windows\system32\nvdispco6431269.dll
2013-10-29 07:17 . 2013-12-05 10:06	18005208	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-10-29 07:17 . 2013-12-05 10:06	1511712	----a-w-	c:\windows\system32\nvdispgenco6431269.dll
2013-10-29 07:17 . 2013-12-05 10:06	15095440	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-10-29 07:17 . 2013-12-05 10:06	2832720	----a-w-	c:\windows\system32\nvapi64.dll
2013-10-29 07:17 . 2013-12-05 10:06	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-10-29 07:17 . 2013-12-05 10:06	2511312	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-10-29 07:17 . 2013-12-05 10:06	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-10-29 00:53 . 2013-06-26 16:10	6426400	----a-w-	c:\windows\system32\nvcpl.dll
2013-10-29 00:53 . 2013-06-26 16:10	3505440	----a-w-	c:\windows\system32\nvsvc64.dll
2013-10-29 00:53 . 2013-06-26 16:10	893216	----a-w-	c:\windows\system32\nvvsvc.exe
2013-10-29 00:53 . 2013-06-26 16:10	560928	----a-w-	c:\windows\SysWow64\oemdspif.dll
2013-10-29 00:53 . 2013-06-26 16:10	3435888	----a-w-	c:\windows\system32\nvcoproc.bin
2013-10-29 00:53 . 2013-06-26 16:10	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-10-29 00:53 . 2013-06-26 16:10	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-10-29 00:53 . 2013-06-26 11:41	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-10-29 00:53 . 2013-12-05 10:07	76064	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-10-29 00:53 . 2013-12-05 10:07	1001760	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-10-28 17:38 . 2013-10-28 17:38	551712	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-26 12:54 . 2013-06-26 12:54	14880256	----a-w-	c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2012-05-02 59392]
"Intel AppUp(R) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-12-14 156000]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2012-12-07 2230608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ECtiClient"="c:\program files (x86)\ESTOS\ProCall 4\eCtiClient.exe" [2013-05-22 21693208]
"BMDNetClient_CISMOBMD01"="c:\programdata\BMDNTCS\BMDNTCSClients\CISMOBMD01\BMDNetClient.exe" [2013-03-25 40098512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-11-15 525080]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-6-26 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-6-26 14880256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInplaceSharing"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
R3 edsservice;ESTOS Desktop Sharing-Dienste;c:\program files (x86)\ESTOS\ProCall 4\EDeskShareService.exe;c:\program files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
R3 tmusa;Trend Micro Osprey Driver;c:\windows\system32\DRIVERS\tmusa.sys;c:\windows\SYSNATIVE\DRIVERS\tmusa.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe;c:\windows\SYSNATIVE\AdtAgent.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 EACUSrv;ESTOS Automatic Client Update;c:\windows\system32\EACUSrv.exe;c:\windows\SYSNATIVE\EACUSrv.exe [x]
S2 HealthService;System Center Management;c:\program files\System Center Operations Manager 2007\HealthService.exe;c:\program files\System Center Operations Manager 2007\HealthService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lenovo QuickSnip Service;Lenovo QuickSnip Service;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;c:\program files\Lenovo\Communications Utility\CamMute.exe;c:\program files\Lenovo\Communications Utility\CamMute.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 LnvHIDHW;Lenovo HID Mini-driver for Hardware Radio Switch;c:\windows\System32\drivers\LnvHIDHW.sys;c:\windows\SYSNATIVE\drivers\LnvHIDHW.sys [x]
S3 MbmLowExt;MBM USB Extension Filter svc;c:\windows\System32\Drivers\MbmLowExt.sys;c:\windows\SYSNATIVE\Drivers\MbmLowExt.sys [x]
S3 MbmUsbSerial;MBM USB Generic Serial Driver svc;c:\windows\System32\Drivers\MbmUsbSerial.sys;c:\windows\SYSNATIVE\Drivers\MbmUsbSerial.sys [x]
S3 MkBusFilter;MbmFilter Service;c:\windows\System32\drivers\MbmDeviceFilter.sys;c:\windows\SYSNATIVE\drivers\MbmDeviceFilter.sys [x]
S3 NETwNe64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RCUVCAVS;Ricoh UVC AVStream driver;c:\windows\system32\DRIVERS\RCUVCAVS.sys;c:\windows\SYSNATIVE\DRIVERS\RCUVCAVS.sys [x]
S3 risdxc;risdxc;c:\windows\System32\drivers\risdxc64.sys;c:\windows\SYSNATIVE\drivers\risdxc64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 wmbclass;Generischer Adapter für das mobile Breitband;c:\windows\System32\drivers\wmbclass.sys;c:\windows\SYSNATIVE\drivers\wmbclass.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:53	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04	215416	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25 08:40]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25 08:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-09-19 05:36	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-09-19 05:36	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-09-19 05:36	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-09-19 05:36	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoOptMouseUpdate"="c:\program files\Lenovo\HOTKEY\extapsup.exe" [2012-09-01 250976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-21 13192848]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-17 1215632]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-11-08 2645568]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-10-17 572992]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-28 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-28 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-28 441152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13-comm.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: LastPass - file://c:\users\svjankum\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\svjankum\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.200.112 192.168.200.110
TCP: Interfaces\{53E041E1-3449-4E3D-8287-EC74ACA87887}: NameServer = 194.48.128.199,194.48.139.254
FF - ProfilePath - c:\users\svjankum\AppData\Roaming\Mozilla\Firefox\Profiles\1heghzjh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-01-13  15:19:58
ComboFix-quarantined-files.txt  2014-01-13 14:19
ComboFix2.txt  2014-01-13 12:49
.
Vor Suchlauf: 16 Verzeichnis(se), 52*866*813*952 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 52*300*038*144 Bytes frei
.
- - End Of File - - 8F2FDA2296AC138BCE5C503E6E3B31C8
         
14.01.2014, 09:58   #4
schrauber
/// the machine
/// TB trainer

Quote:
My colleague has the password for deactivating it, and she is on vacation.

Is this a company computer?
__________________
Regards,
schrauber
