
Pests of all kinds and how to fight them: BKA Trojan, and what now?

22.07.2014, 08:11   #1
darnoc861
 

BKA Trojan, and what now?



Hello dear people,

I have apparently also caught a BKA Trojan. To cut things short, I'm posting the required log files right away. It would be really nice if someone could help me. MANY THANKS


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Conrad (administrator) on CONRAD-THINK on 22-07-2014 09:05:35
Running from C:\Users\Conrad\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
() C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dropbox, Inc.) C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(Penny Bee Agent) C:\ProgramData\pennybee\wpennybeed.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


and the second one

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Conrad at 2014-07-22 09:06:20
Running from C:\Users\Conrad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13665 - Systweak Software)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
Crystal Reports für .NET Framework 2.0 Language Pack (x86) - DEU (HKLM-x32\...\{AC94622D-D899-44DF-9857-7DD31958C541}) (Version: 10.2.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eFuhrpark (HKLM-x32\...\eFuhrpark) (Version: - X4TD)
eFuhrpark (x32 Version: 3.50 - X4TD) Hidden
Elevated Installer (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fingerprint Reader (HKLM\...\{C5BB9380-D729-410A-A440-061EBCADCCB9}) (Version: 5.4.100.232 - AuthenTec, Inc.)
FlowFact (HKLM-x32\...\FlowFact) (Version: 18.0.492 - )
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.6.0.WIN.FullTilt.EU - )
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{95fb9355-9884-416e-b377-5339fc7ef31a}) (Version: 3.2.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 44154 - Intel)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Attached files
File type: txt FRST.txt (73.3 KB, viewed 116 times)
File type: txt Addition.txt (42.8 KB, viewed 118 times)

Last edited by darnoc861 (22.07.2014 at 08:13). Reason: unfortunately the data was attached as an attachment!
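Two things a helper checks first in logs like the ones above, as an added example that is not part of the thread (constructed Python, not a Trojaner-Board tool): whether any AV product is actually enabled and current, and which whitelisted processes run with no vendor string or from a user-writable directory. The sample lines follow the format of the FRST output posted above; the user-writable heuristic is an assumption of mine for triage, not a verdict on any of those programs.

```python
"""Triage helpers for the FRST log format posted above (added example, not the forum's tool)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Security Center line: "AV: Norton Internet Security (Disabled - Out of date) {GUID}"
_SECCENTER = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+\((?P<state>[^)]*)\)\s+\{[0-9A-Fa-f-]+\}\s*$"
)
# Process line: "(Vendor) C:\path\binary.exe"; the vendor may be empty ("()") or
# contain parentheses itself ("(Intel(R) Corporation)"), hence the lazy match.
_PROCESS = re.compile(r"^\((?P<vendor>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")

# Directories a standard user can write to (assumed triage heuristic). A binary
# running from here is not evidence of malware by itself (Dropbox lives there too);
# it is what a helper reviews first, because writing to Program Files needs admin rights.
_USER_WRITABLE = ("\\programdata\\", "\\users\\")


class Product(NamedTuple):
    kind: str                    # AV, AS (anti-spyware) or FW (firewall)
    name: str
    enabled: bool
    up_to_date: Optional[bool]   # None when the line carries no update status


def parse_security_center(lines: List[str]) -> List[Product]:
    """Parse the 'Security Center' block of Addition.txt into Product records."""
    products = []
    for line in lines:
        m = _SECCENTER.match(line.strip())
        if not m:
            continue
        state = m.group("state").lower()
        if "out of date" in state:
            current: Optional[bool] = False
        elif "up to date" in state:
            current = True
        else:
            current = None
        products.append(Product(m.group("kind"), m.group("name"),
                                state.startswith("enabled"), current))
    return products


def effective_av(products: List[Product]) -> List[str]:
    """Names of AV products that are both enabled and current (empty = no real protection)."""
    return [p.name for p in products
            if p.kind == "AV" and p.enabled and p.up_to_date is True]


def suspicious_processes(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Flag process lines with no vendor string or a user-writable path for manual review."""
    flagged = []
    for line in lines:
        m = _PROCESS.match(line.strip())
        if not m:
            continue
        vendor, path = m.group("vendor").strip(), m.group("path")
        reasons = []
        if not vendor:
            reasons.append("no vendor/signature info")
        if any(frag in path.lower() for frag in _USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if reasons:
            flagged.append((path, reasons))
    return flagged


# Constructed samples, copied from the format of the FRST output in this thread.
SAMPLE_ADDITION = r"""
==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
""".splitlines()

SAMPLE_PROCESSES = r"""
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Penny Bee Agent) C:\ProgramData\pennybee\pennybee.exe
(Dropbox, Inc.) C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe
""".splitlines()

if __name__ == "__main__":
    products = parse_security_center(SAMPLE_ADDITION)
    for p in products:
        print(f"{p.kind}: {p.name} enabled={p.enabled} up_to_date={p.up_to_date}")
    print("effective AV:", effective_av(products) or "none")
    for path, reasons in suspicious_processes(SAMPLE_PROCESSES):
        print("review:", path, "->", "; ".join(reasons))
```

On the sample above the script reports no enabled, current AV (only Windows Defender as anti-spyware is active) and lists three process lines for review.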

22.07.2014, 09:35   #2
schrauber
/// the machine
/// TB trainer
 


BKA Trojan, and what now?



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.




Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. This should fix the problem.


22.07.2014, 11:50   #3
darnoc861
 

BKA Trojan, and what now?



CODE tags? :-)

Code:
ComboFix 14-07-21.01 - Conrad 22.07.2014  12:32:57.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3662.200 [GMT 2:00]
ausgeführt von:: c:\users\Conrad\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
Q:\Autorun.inf
.
c:\windows\SysWow64\drivers\ntfs.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-22 bis 2014-07-22  ))))))))))))))))))))))))))))))
.
.
2014-07-22 10:44 . 2014-07-22 10:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-22 10:44 . 2014-07-22 10:44	--------	d-----w-	c:\users\Büro\AppData\Local\temp
2014-07-22 07:05 . 2014-07-22 07:07	--------	d-----w-	C:\FRST
2014-07-22 06:32 . 2014-07-22 06:32	--------	d-----w-	c:\users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 06:32 . 2014-07-22 06:32	--------	d-----w-	c:\program files (x86)\ShadowExplorer
2014-07-21 07:59 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{532B23E3-5DD7-40C4-B38D-3A73395280D9}\mpengine.dll
2014-07-16 08:21 . 2014-07-16 08:21	--------	d-----w-	c:\program files (x86)\Citrix
2014-07-16 08:21 . 2014-07-16 08:21	--------	d-----w-	c:\users\Conrad\AppData\Local\Citrix
2014-07-14 11:06 . 2014-07-14 11:06	--------	d-----w-	c:\users\Conrad\AppData\Local\Apps
2014-07-14 11:06 . 2014-07-21 10:42	--------	d-----w-	c:\users\Conrad\AppData\Local\Deployment
2014-07-11 11:22 . 2014-06-03 09:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-11 11:22 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-11 11:22 . 2014-06-03 10:02	1380864	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2014-07-11 11:22 . 2014-06-03 10:02	1354240	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-11 11:22 . 2014-06-03 10:02	1389568	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2014-07-11 11:18 . 2014-05-30 06:45	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2014-07-11 11:16 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-11 11:16 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-11 11:15 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-10 14:45 . 2014-07-10 15:04	--------	d-----w-	c:\users\Kaja
2014-07-10 14:40 . 2014-07-10 14:40	--------	d-----w-	c:\users\Conrad\AppData\Local\RydPtyKD
2014-07-10 14:40 . 2014-07-10 14:40	--------	d-----w-	c:\users\Conrad\AppData\Local\MBRNwMij
2014-07-10 14:40 . 2014-07-10 14:40	--------	d-----w-	c:\users\Conrad\AppData\Local\JrggLTmV
2014-07-04 08:03 . 2014-07-04 08:03	--------	d-----w-	c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 08:41 . 2014-02-05 12:03	589008	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-07 13:02 . 2014-05-29 14:38	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 02:34 . 2014-06-11 16:50	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 16:50	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2013-05-25 21:59	433648	----a-w-	c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 12:09	222832	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 12:09	222832	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 12:09	222832	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-05-15 122200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-12-20 507744]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-06-19 156000]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2014-01-06 56000]
"Lenovo App Shop"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2013-06-19 156000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-12 195248]
Dropbox.lnk - c:\users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 pennybee;pennybee;c:\progra~3\pennybee\pennybee.exe;c:\progra~3\pennybee\pennybee.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe;c:\program files (x86)\ShadowExplorer\sesvc.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 wpennybeed;wpennybeed;c:\progra~3\pennybee\wpennybeed.exe;c:\progra~3\pennybee\wpennybeed.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 07:48	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-22 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
- c:\program files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-16 08:21]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]
.
2014-07-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-07-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-07-22 c:\windows\Tasks\pennybee Runner.job
- c:\progra~3\pennybee\pennybee.exe [2014-06-30 08:56]
.
2014-07-22 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RCP\RegCleanPro.exe [2014-07-22 14:43]
.
2014-07-22 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RCP\RegCleanPro.exe [2014-07-22 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2013-05-25 21:59	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 12:09	261744	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 12:09	261744	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 12:09	261744	----a-w-	c:\users\Conrad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Conrad\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-27 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-27 439064]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-10 12476520]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"TpShocks"="TpShocks.exe" [2012-02-24 382528]
"IntelSBA"="c:\program files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2014-01-06 56000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FlowFact - s:\flowfact\system\flowfactuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-22  12:46:53
ComboFix-quarantined-files.txt  2014-07-22 10:46
.
Vor Suchlauf: 12 Verzeichnis(se), 361.487.544.320 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 361.945.972.736 Bytes frei
.
- - End Of File - - E0AE2DE993536C769A052D00C4F31E86
         

Old 23.07.2014, 08:17   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it finishes.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and use "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
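The service and scheduled-task listings in the ComboFix log above are what a helper reads by eye to spot entries such as the pennybee service and its job running from c:\progra~3. As an added example that is not part of this thread and not code from ComboFix, FRST, MBAM or any other tool named here, the following Python script applies that triage rule to a few lines excerpted from the log: it parses the ComboFix-style `R3 name;display;path;path [x]` service lines and the two-line task entries, expands 8.3 short names (the mapping of progra~1, progra~2 and progra~3 to Program Files, Program Files (x86) and ProgramData is the usual Windows 7 layout and is an assumption), and flags binaries under user-writable locations. The prefix list and the Finding type are constructed for this example; the rule is a heuristic for a second look, not a verdict.

```python
"""Triage helper for ComboFix-style service and scheduled-task listings.

Added example: flags services and scheduled tasks whose binary lives in a
user-writable location (ProgramData, user profiles, temp), including the
8.3 short-name alias progra~3 that the log uses for C:\\ProgramData.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed 8.3 short names (usual Windows 7 layout; verify with `dir /x`).
SHORT_NAMES = {
    "progra~1": "program files",
    "progra~2": "program files (x86)",
    "progra~3": "programdata",
}

# Heuristic list constructed for this example: a service or task binary
# under one of these prefixes deserves a second look.
USER_WRITABLE = (
    "c:/programdata/",
    "c:/users/",
    "c:/windows/temp/",
)

# ComboFix service line:  R3 Name;Display name;path;path [x]
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>[^;]+);")
# ComboFix task entry (two lines):  2014-07-22 c:\windows\Tasks\X.job
#                                   - c:\path\to\binary.exe [2014-06-30 08:56]
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
TASK_BIN_RE = re.compile(r"^- (?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


@dataclass
class Finding:
    kind: str    # "service" or "task"
    name: str    # service name or job file name
    path: str    # normalized binary path
    reason: str


def normalize_path(raw: str) -> str:
    """Lower-case, use forward slashes and expand known 8.3 short names."""
    parts = raw.strip().lower().replace("\\", "/").split("/")
    return "/".join(SHORT_NAMES.get(p, p) for p in parts)


def classify(path: str) -> Optional[str]:
    """Return a reason string if the binary sits under a user-writable prefix."""
    norm = normalize_path(path)
    for prefix in USER_WRITABLE:
        if norm.startswith(prefix):
            return f"binary under user-writable location {prefix}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style listing and collect suspicious services/tasks."""
    findings: List[Finding] = []
    pending_job: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            reason = classify(m.group("path"))
            if reason:
                findings.append(Finding("service", m.group("name"),
                                        normalize_path(m.group("path")), reason))
            continue
        m = TASK_RE.match(line)
        if m:
            # Remember the job name until its binary line follows.
            pending_job = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TASK_BIN_RE.match(line)
        if m and pending_job:
            reason = classify(m.group("path"))
            if reason:
                findings.append(Finding("task", pending_job,
                                        normalize_path(m.group("path")), reason))
            pending_job = None
    return findings


# Sample input: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 pennybee;pennybee;c:\progra~3\pennybee\pennybee.exe;c:\progra~3\pennybee\pennybee.exe [x]
S2 wpennybeed;wpennybeed;c:\progra~3\pennybee\wpennybeed.exe;c:\progra~3\pennybee\wpennybeed.exe [x]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 21:59]
.
2014-07-22 c:\windows\Tasks\pennybee Runner.job
- c:\progra~3\pennybee\pennybee.exe [2014-06-30 08:56]
"""


def triage_sample() -> List[Finding]:
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.kind:8} {f.name:22} {f.path}  ({f.reason})")
```

Run on the sample, the script reports the Partner service (ProgramData), both pennybee services and the pennybee Runner job, and stays silent on the driver, Norton and Google Update entries. Shell-extension DLLs under a user profile (Dropbox, SkyDrive in the log above) are a normal pattern and are deliberately outside the scope of this rule, which only looks at services and tasks.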

Old 23.07.2014, 11:42   #5
darnoc861
 
So, now I have run everything and am posting all the necessary data


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 10:34:59
Logdatei: Mailwarebyts.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.23.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Conrad

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399403
Verstrichene Zeit: 11 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 13
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [25c91d8535468aac4af5441514ee7e82], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [25c91d8535468aac4af5441514ee7e82], 
PUP.Optional.RocketFind.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE Rocket, In Quarantäne, [1fcf455def8cb284bf18af1c43bf35cb], 
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced System Protector, In Quarantäne, [8c624062bebdd0669634ccfcc33f44bc], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [46a8bce6156661d522a7c9ff7f8345bb], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [4da1aaf82c4f59dd30f2a524db2737c9], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [6c82b3eff18a93a3c0e3d01e2ad8cd33], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [0be3fea4a3d8bc7a763c857fa95bb749], 
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, In Quarantäne, [a747129082f9e74f90ccae5c37cd8e72], 
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [8f5ff3aff586aa8ce678d139659fd030], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [618d4959215a89ad3de43990bc46916f], 
PUP.Optional.RocketFind.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE Rocket, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.Updater.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Digital Sites, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, In Quarantäne, [0be3fea4a3d8bc7a763c857fa95bb749]

Registrierungsdaten: 1
PUP.Optional.RocketFind.A, HKU\S-1-5-21-2664929658-1551457082-1331067265-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=, Gut: (www.google.com), Schlecht: (hxxp://rocket-find.com/?f=1&a=rckt_dsites04_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0Fzz0Dzzzz0C0EtCyD0FtN0D0Tzu0SzytAtAtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCyDtC0A0F0E0CtGyEtAyCyEtGyE0FzytAtG0B0A0DyCtGtAyBtAzyyDyE0BtB0B0A0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtB0CyE0ByD0AtG0EtCtC0FtGtCtBtDzytGtCyDtByDtGtDtB0AyBtCyDyBzzyDtDtA0B2Q&cr=1264773545&ir=),Ersetzt,[747ad5cd5a21dd59ad671c88c242b848]

Ordner: 11
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, In Quarantäne, [27c7e9b9f58620169ff0c11552b033cd], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector, In Quarantäne, [f5f9039f5b20f541167ab0266999e11f], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc, In Quarantäne, [2dc180227803f83e907fdfde758d28d8], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\bh, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.SystemSpeedup, C:\Users\Conrad\AppData\Roaming\Systweak\ssd, In Quarantäne, [5d912b77e7947bbb5a595a6418ea6a96], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 

Dateien: 35
PUP.Optional.Somoto.A, C:\Users\Conrad\Downloads\7ZipSetup.exe, In Quarantäne, [ca24a3ff601b5bdb170dd8603cc4fb05], 
PUP.Optional.OpenCandy, C:\Users\Conrad\Downloads\PhotoScape_V3.6.5.exe, In Quarantäne, [4f9f960c2a51c76f7428557e6b99b947], 
PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced System Protector.lnk, In Quarantäne, [8b63c1e10d6e6fc709070ebb49b9e11f], 
PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, In Quarantäne, [57973b67aecdfc3ac9f6d1faad55f709], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [27c7e9b9f58620169ff0c11552b033cd], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [27c7e9b9f58620169ff0c11552b033cd], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [27c7e9b9f58620169ff0c11552b033cd], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk, In Quarantäne, [f5f9039f5b20f541167ab0266999e11f], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector entfernen.lnk, In Quarantäne, [f5f9039f5b20f541167ab0266999e11f], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector Trouble Shooter.lnk, In Quarantäne, [f5f9039f5b20f541167ab0266999e11f], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector.lnk, In Quarantäne, [f5f9039f5b20f541167ab0266999e11f], 
PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, In Quarantäne, [3ab400a2b4c71a1c6694648c29d9e41c], 
PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, In Quarantäne, [2dc17c260a71280e480a6c97b74d58a8], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_07-22-2014.log, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_07-23-2014.log, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RegCleanerPro.A, C:\Users\Conrad\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [44aafba70576989e90b2a204d929f010], 
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\config.dat, In Quarantäne, [2dc180227803f83e907fdfde758d28d8], 
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\info.dat, In Quarantäne, [2dc180227803f83e907fdfde758d28d8], 
PUP.Optional.RocketFind.A, C:\Users\Conrad\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe, In Quarantäne, [2dc180227803f83e907fdfde758d28d8], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\FavIcon.ico, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\Sqlite3.dll, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\uninst.dat, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.RocketFind.A, C:\Program Files (x86)\WSE Rocket\uninstall.exe, In Quarantäne, [09e5653d364577bf67a9fac34eb4c53b], 
PUP.Optional.SystemSpeedup, C:\Users\Conrad\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [5d912b77e7947bbb5a595a6418ea6a96], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 
PUP.Optional.Updater.A, C:\Users\Conrad\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [8866a7fb1b60e452872a586b8f73bd43], 
PUP.Optional.Conduit.A, C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=" ],), Ersetzt,[925c5f43e5969e98131cd20d0202748c]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Number 2

Code:
# AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 10:56:53
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Conrad - CONRAD-THINK
# Gestartet von : C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Partner Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\PennyBee
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Windows\util
Ordner Gelöscht : C:\Users\Conrad\AppData\LocalLow\PennyBee
Ordner Gelöscht : C:\Users\Conrad\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Conrad\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Conrad\AppData\Roaming\RocketUpdater
Ordner Gelöscht : C:\Users\Conrad\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\sasnative64.exe
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WSE Rocket
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN31174045182613080&ctid=CT3281675&UM=2
Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=
Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [6039 octets] - [23/07/2014 10:56:24]
AdwCleaner[S0].txt - [5549 octets] - [23/07/2014 10:56:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5609 octets] ##########
         

Number 3

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Conrad on 23.07.2014 at 11:02:00,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{123263B7-5B6E-4F36-96F0-1658100E1C98}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{2A5A6D80-7C0A-426D-BAF8-B4946C69A57D}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{2DBF8605-D48C-4998-A503-2E683079A5CB}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{7709159B-DDC7-4D7C-BDB9-BC18FC58B682}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{81E25774-DEA3-449D-8464-D8003E6294D0}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{99DF9714-334E-4EF2-9AFC-087EE187C7F4}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{A6C595E9-FCBB-4DA5-BD15-889189C2E15E}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{E20C7B5C-1208-4ACF-AFE3-95C9F0154820}
Successfully deleted: [Empty Folder] C:\Users\Conrad\appdata\local\{E377DCE5-0EB2-4A7B-AC82-3CD2E0D85D51}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at 11:09:28,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



and finally


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014
Ran by Conrad (administrator) on CONRAD-THINK on 23-07-2014 12:34:06
Running from C:\Users\Conrad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => TpShocks.exe 
HKLM\...\Run: [IntelSBA] => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe [56000 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1000\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [Amazon Cloud Player] => C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-05-15] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-07] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Conrad\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-26]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Norton Confidential) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj [2013-08-10]
CHR Extension: (Any.do Extension) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-10]
CHR Extension: (Google Wallet) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-08-11] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 12:34 - 2014-07-23 12:34 - 00032026 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-23 12:33 - 2014-07-23 12:33 - 02091520 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-23 12:33 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt
2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
2014-07-23 10:53 - 2014-07-23 11:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-23 10:34 - 2014-07-23 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 10:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 10:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-23 10:30 - 2014-07-23 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 12:30 - 2014-07-23 11:11 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-22 10:55 - 2014-07-23 12:28 - 00000000 ____D () C:\Qoobox
2014-07-22 10:55 - 2014-07-22 12:45 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 10:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 10:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 10:53 - 2014-07-22 10:54 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe
2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip
2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt
2014-07-22 10:07 - 2014-07-22 10:16 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso
2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG
2014-07-22 09:06 - 2014-07-22 09:07 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt
2014-07-22 09:05 - 2014-07-23 12:34 - 00000000 ____D () C:\FRST
2014-07-22 09:05 - 2014-07-22 09:07 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt
2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe
2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip
2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt
2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe
2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
2014-07-22 08:14 - 2014-07-22 08:15 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1
2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe
2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe
2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv
2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_  FLOWFACT Mobile .ics
2014-07-16 10:21 - 2014-07-23 12:13 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-07-14 13:06 - 2014-07-21 12:42 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-11 13:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 13:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 13:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 13:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 13:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 13:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 13:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 13:18 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 13:17 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 13:17 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 13:17 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 13:17 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-11 13:17 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 13:17 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 13:17 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-11 13:17 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 13:17 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-11 13:17 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 13:17 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 13:17 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 13:17 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-11 13:17 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 13:17 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 13:17 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-11 13:17 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 13:17 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 13:17 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 13:17 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 13:16 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 13:16 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 13:15 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo
2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech
2014-07-10 16:46 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe
2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log
2014-07-10 16:45 - 2014-07-10 17:04 - 00000000 ____D () C:\Users\Kaja
2014-07-10 16:45 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel
2014-07-10 16:45 - 2013-05-25 23:51 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Macromedia
2014-07-10 16:40 - 2014-07-10 16:42 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun

==================== One Month Modified Files and Folders =======

2014-07-23 12:34 - 2014-07-23 12:34 - 00032026 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-23 12:34 - 2014-07-22 09:05 - 00000000 ____D () C:\FRST
2014-07-23 12:33 - 2014-07-23 12:33 - 02091520 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-23 12:33 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 12:28 - 2014-07-22 10:55 - 00000000 ____D () C:\Qoobox
2014-07-23 12:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:21 - 2013-05-26 09:27 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 12:21 - 2013-05-26 09:27 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 12:21 - 2009-07-14 07:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 12:20 - 2013-05-25 23:40 - 01920262 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 12:19 - 2013-08-10 15:44 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Nitro PDF
2014-07-23 12:17 - 2014-05-22 20:11 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\DropboxMaster
2014-07-23 12:17 - 2013-08-11 10:50 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Dropbox
2014-07-23 12:17 - 2013-05-25 23:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 12:17 - 2013-05-25 23:43 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-23 12:16 - 2010-11-21 05:47 - 00175268 _____ () C:\Windows\PFRO.log
2014-07-23 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 12:16 - 2009-07-14 06:51 - 00069063 _____ () C:\Windows\setupact.log
2014-07-23 12:13 - 2014-07-16 10:21 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-23 11:51 - 2013-05-25 23:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 11:11 - 2014-07-22 12:30 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt
2014-07-23 11:09 - 2014-07-23 10:53 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-23 11:09 - 2013-08-10 15:39 - 00105592 _____ () C:\Users\Conrad\AppData\Roaming\AbsoluteReminder.xml
2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
2014-07-23 10:52 - 2014-07-23 10:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 10:31 - 2014-07-23 10:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-23 10:30 - 2013-05-25 23:43 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-22 12:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-22 12:45 - 2014-07-22 10:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:55 - 2014-05-31 12:01 - 00002010 ____H () C:\Users\Conrad\Documents\Default.rdp
2014-07-22 10:54 - 2014-07-22 10:53 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe
2014-07-22 10:16 - 2014-07-22 10:07 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso
2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip
2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt
2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG
2014-07-22 09:07 - 2014-07-22 09:06 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt
2014-07-22 09:07 - 2014-07-22 09:05 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt
2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe
2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip
2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt
2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe
2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
2014-07-22 08:15 - 2014-07-22 08:14 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1
2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe
2014-07-21 12:42 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe
2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv
2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_  FLOWFACT Mobile .ics
2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-12 13:14 - 2013-08-15 14:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-12 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:46 - 2014-02-05 13:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-12 03:19 - 2009-07-14 06:45 - 00490576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 03:18 - 2014-06-01 12:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 03:18 - 2011-12-08 22:03 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 17:04 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja
2014-07-10 17:04 - 2014-02-10 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-10 17:04 - 2014-01-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-10 17:04 - 2013-08-10 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop
2014-07-10 17:04 - 2013-08-10 16:12 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2014-07-10 17:04 - 2013-08-10 15:39 - 00000000 ____D () C:\Users\Conrad
2014-07-10 17:04 - 2013-05-25 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo
2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo
2014-07-10 17:03 - 2014-06-09 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-07-10 17:03 - 2014-05-29 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-10 17:03 - 2014-05-25 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-10 17:03 - 2014-04-04 17:37 - 00000000 ____D () C:\Users\Büro
2014-07-10 17:03 - 2014-03-12 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFuhrpark
2014-07-10 17:03 - 2014-02-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu
2014-07-10 17:03 - 2014-02-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-07-10 17:03 - 2014-02-06 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-10 17:03 - 2014-02-05 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-10 17:03 - 2013-10-31 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-07-10 17:03 - 2013-08-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-10 17:03 - 2013-08-10 17:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-10 17:03 - 2013-08-10 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software
2014-07-10 17:03 - 2013-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ____D () C:\ProgramData\Norton
2014-07-10 17:03 - 2013-05-26 00:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-10 17:03 - 2013-05-25 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 17:03 - 2013-05-25 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-07-10 17:03 - 2013-05-25 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition
2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2014-07-10 17:03 - 2013-05-25 23:50 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-07-10 17:03 - 2013-05-25 23:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-10 17:03 - 2013-05-25 23:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-10 17:03 - 2011-12-08 22:02 - 00000000 ____D () C:\Windows\ShellNew
2014-07-10 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-10 17:02 - 2013-08-13 11:49 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-07-10 16:50 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe
2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech
2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log
2014-07-10 16:46 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-10 16:46 - 2014-02-20 11:11 - 00000000 ____D () C:\Users\Conrad\Documents\Unterlagen Mietinteressenten
2014-07-10 16:46 - 2014-01-02 09:02 - 00000000 ____D () C:\Users\Conrad\Documents\Ba
2014-07-10 16:46 - 2013-10-31 12:11 - 00000000 ____D () C:\Users\Conrad\Documents\Steuerfälle
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel
2014-07-10 16:42 - 2014-07-10 16:40 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-10 16:40 - 2014-02-18 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Messe 2014
2014-07-10 16:40 - 2014-01-10 16:20 - 00000000 ____D () C:\Users\Conrad\Desktop\Avaya
2014-07-10 16:40 - 2014-01-10 15:33 - 00000000 ____D () C:\Users\Conrad\Desktop\Urlaub 2014
2014-07-10 16:40 - 2014-01-09 21:39 - 00000000 ____D () C:\Users\Conrad\Desktop\Englisch
2014-07-10 16:40 - 2014-01-03 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Projekt Flowfact
2014-07-10 16:40 - 2013-12-01 14:28 - 00000000 ____D () C:\Users\Conrad\Desktop\Steuer2013
2014-07-10 16:40 - 2013-12-01 14:21 - 00000000 ____D () C:\Users\Conrad\Desktop\Lohn
2014-07-10 16:40 - 2013-08-20 12:36 - 00000000 ____D () C:\Users\Conrad\Desktop\BA
2014-07-07 15:54 - 2014-02-10 12:24 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-07 15:54 - 2014-02-10 12:24 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-07 15:54 - 2014-02-10 12:24 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun
2014-06-30 04:09 - 2014-07-11 13:21 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 13:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-23 00:46 - 2013-05-25 23:59 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 00:46 - 2013-05-25 23:59 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 13:07

==================== End Of Log ============================
         


Once again, many thanks for the help! :-)


Old 24.07.2014, 09:30   #6
schrauber
/// the machine
/// TB trainer

BKA Trojan, and what now?




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
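As an added example (not part of this thread, and not ESET's or Trojaner-Board's code), here is a small Python parser for the ESET Online Scanner log.txt requested in the steps above: it reads the `# key=value` header and the per-detection `sh=... vn="..." fn="..."` lines, separates potentially unwanted from potentially unsafe detections, and lists the files that are still live on disk rather than already sitting in another tool's quarantine folder. The sample log embedded in it is constructed in that format, with placeholder hashes.

```python
"""Parser and triage helper for ESET Online Scanner log.txt files.

Added example; not part of this thread and not ESET's own code. The
format is the one visible in the ESET log posted in this thread: a
'# key=value' header followed by one 'sh=... vn="..." fn="..."' line per
detection. The sample log at the bottom is constructed for this example.
"""
import re
from collections import Counter

# key=value pairs; values may be double-quoted (and then contain spaces).
_PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# ESET appends the detection category to the name; the online scanner
# localises this string, so both the German and the English wording are handled.
_CATEGORY = {
    "evtl. unerwünschte Anwendung": "PUA",
    "potentially unwanted application": "PUA",
    "potenziell unsichere Anwendung": "unsafe",
    "potentially unsafe application": "unsafe",
}


def parse_eset_log(text):
    """Return (header, detections) from the text of an ESET log.txt."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value  # repeated keys (compatibility_mode) keep the last value
        elif line.startswith("sh="):
            entry = {k: v.strip('"') for k, v in _PAIR_RE.findall(line)}
            detections.append(entry)
    return header, detections


def classify(vn):
    """Split the vn field into (detection name, category)."""
    name, category = vn, "threat"
    for phrase, cat in _CATEGORY.items():
        if vn.endswith(phrase):
            name = vn[: -len(phrase)].strip()
            category = cat
            break
    # 'Variante von X' / 'a variant of X' -> X
    name = re.sub(r"^(?:Variante von|a variant of)\s+", "", name)
    return name, category


def already_quarantined(path):
    """True if another tool (e.g. AdwCleaner) has already isolated the file."""
    p = path.lower()
    return "\\quarantine\\" in p or p.endswith(".vir")


def triage(text):
    """Summarise a log: counts per category and the files still live on disk."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", 0))
    by_category = Counter()
    live = []
    for d in detections:
        name, category = classify(d.get("vn", ""))
        by_category[category] += 1
        if not already_quarantined(d.get("fn", "")):
            live.append((name, d.get("fn", "")))
    return {
        "found": found,
        "parsed": len(detections),
        "consistent": found == len(detections),  # header count vs detection lines
        "cleaned": int(header.get("cleaned", 0)),
        "by_category": dict(by_category),
        "live": live,
    }


# Constructed sample in the format of the log posted in this thread
# (the sh/fh hashes are placeholders, not real values).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=false
# local_time=2014-07-24 11:52:45 (+0100, Mitteleuropäische Sommerzeit)
# scanned=178914
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conrad\AppData\Roaming\Zip Opener Packages\uninstaller.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AspManager.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Conrad\Downloads\Shockwave_Installer_Slim.exe"
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"found={result['found']} cleaned={result['cleaned']} {result['by_category']}")
    for name, path in result["live"]:
        print(f"still on disk: {name}  {path}")
```

A `cleaned=0` header with `remove_checked=false` means ESET only reported, so the live list is what still needs handling by the next tool.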

Old 24.07.2014, 11:51   #7
darnoc861

BKA Trojan, and what now?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=45791e0a129fdb45a33b4ed47bc709a6
# engine=19325
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-24 09:52:45
# local_time=2014-07-24 11:52:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3591 16777213 100 95 29289912 168792150 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 168026 157825415 0 0
# scanned=178914
# found=6
# cleaned=0
# scan_time=3756
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conrad\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
sh=0C9901BB504B8B0B186897503DF7F8E570FF53F9 ft=1 fh=5bbb197ca4951648 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AspManager.exe"
sh=B3A736455F1FE0B40D585B6BB8E02A700153B008 ft=1 fh=3320d2a9bc3f6d8b vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\filetypehelper.exe"
sh=BFE2580847B94363149D083E02ABB479983477CC ft=1 fh=c50f6c31fb2164d8 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\scandll.dll"
sh=A33D60E7C118DF178EF0BE1DC2841233AFF0C741 ft=1 fh=4197c0f1cbcf4ac1 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Conrad\Downloads\Shockwave_Installer_Slim.exe"
sh=9D72B3F427A55C87C32B7793D9550400F1DFB30C ft=1 fh=c71c001144b86a7c vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conrad\Downloads\ZipSetup.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader XI  
 Mozilla Thunderbird (24.3.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Intel Intel(R) Small Business Advantage UI IntelSmallBusinessAdvantage.exe 
 Intel Intel(R) Small Business Advantage Service Intel.SmallBusinessAdvantage.WindowsService.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Conrad (administrator) on CONRAD-THINK on 24-07-2014 12:43:09
Running from C:\Users\Conrad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => TpShocks.exe 
HKLM\...\Run: [IntelSBA] => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe [56000 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-06-19] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1000\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [Amazon Cloud Player] => C:\Users\Conrad\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2664929658-1551457082-1331067265-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-05-15] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-07] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Conrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Conrad\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-05-26]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV=", "hxxp://www.google.de/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN31174045182613080&UM=2&UP=SP1916DB11-BE10-40EA-8D41-F7EE3D72F8FF&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Norton Confidential) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj [2013-08-10]
CHR Extension: (Any.do Extension) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-01-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-10]
CHR Extension: (Google Wallet) - C:\Users\Conrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [443224 2014-05-15] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130905.033\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-08-11] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 12:43 - 2014-07-24 12:43 - 00033743 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Downloads\SecurityCheck.exe
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Desktop\SecurityCheck.exe
2014-07-24 10:46 - 2014-07-24 10:46 - 02347384 _____ (ESET) C:\Users\Conrad\Downloads\esetsmartinstaller_deu.exe
2014-07-23 12:33 - 2014-07-24 12:43 - 02093568 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-23 12:33 - 2014-07-24 12:43 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt
2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
2014-07-23 10:53 - 2014-07-24 12:42 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-23 10:34 - 2014-07-23 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 10:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 10:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-23 10:30 - 2014-07-23 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 12:30 - 2014-07-23 11:11 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-22 10:55 - 2014-07-23 12:28 - 00000000 ____D () C:\Qoobox
2014-07-22 10:55 - 2014-07-22 12:45 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 10:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 10:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 10:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 10:53 - 2014-07-22 10:54 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe
2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip
2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt
2014-07-22 10:07 - 2014-07-22 10:16 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso
2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG
2014-07-22 09:06 - 2014-07-22 09:07 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt
2014-07-22 09:05 - 2014-07-24 12:43 - 00000000 ____D () C:\FRST
2014-07-22 09:05 - 2014-07-22 09:07 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt
2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe
2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip
2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt
2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe
2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
2014-07-22 08:14 - 2014-07-22 08:15 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1
2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe
2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe
2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv
2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_  FLOWFACT Mobile .ics
2014-07-16 10:21 - 2014-07-24 12:13 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-07-14 13:06 - 2014-07-21 12:42 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-11 13:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 13:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 13:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 13:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 13:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 13:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 13:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 13:18 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 13:18 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 13:17 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 13:17 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 13:17 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 13:17 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-11 13:17 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 13:17 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 13:17 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 13:17 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-11 13:17 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 13:17 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-11 13:17 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 13:17 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 13:17 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 13:17 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 13:17 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-11 13:17 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 13:17 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-11 13:17 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-11 13:17 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 13:17 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 13:17 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-11 13:17 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-11 13:17 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 13:17 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 13:17 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 13:17 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 13:17 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 13:17 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 13:17 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 13:17 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-11 13:17 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 13:17 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 13:17 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 13:17 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 13:17 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 13:17 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 13:16 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 13:16 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 13:15 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo
2014-07-10 16:47 - 2014-07-10 17:03 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo
2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech
2014-07-10 16:46 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe
2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log
2014-07-10 16:45 - 2014-07-10 17:04 - 00000000 ____D () C:\Users\Kaja
2014-07-10 16:45 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel
2014-07-10 16:45 - 2013-05-25 23:51 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Macromedia
2014-07-10 16:40 - 2014-07-10 16:42 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 12:43 - 2014-07-24 12:43 - 00033743 _____ () C:\Users\Conrad\Desktop\FRST.txt
2014-07-24 12:43 - 2014-07-23 12:33 - 02093568 _____ (Farbar) C:\Users\Conrad\Desktop\FRST64.exe
2014-07-24 12:43 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\Conrad\Desktop\FRST-OlderVersion
2014-07-24 12:43 - 2014-07-22 09:05 - 00000000 ____D () C:\FRST
2014-07-24 12:42 - 2014-07-23 10:53 - 00000000 ____D () C:\Users\Conrad\Desktop\Beseitigung
2014-07-24 12:35 - 2013-05-25 23:40 - 01942231 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Downloads\SecurityCheck.exe
2014-07-24 12:34 - 2014-07-24 12:34 - 00854390 _____ () C:\Users\Conrad\Desktop\SecurityCheck.exe
2014-07-24 12:31 - 2014-05-31 12:01 - 00002010 ____H () C:\Users\Conrad\Documents\Default.rdp
2014-07-24 12:13 - 2014-07-16 10:21 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002.job
2014-07-24 11:51 - 2013-05-25 23:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 10:46 - 2014-07-24 10:46 - 02347384 _____ (ESET) C:\Users\Conrad\Downloads\esetsmartinstaller_deu.exe
2014-07-24 10:44 - 2013-05-25 23:43 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-24 01:27 - 2013-05-25 23:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 12:28 - 2014-07-23 12:28 - 00035703 _____ () C:\ComboFix.txt
2014-07-23 12:28 - 2014-07-22 10:55 - 00000000 ____D () C:\Qoobox
2014-07-23 12:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:23 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 12:21 - 2013-05-26 09:27 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 12:21 - 2013-05-26 09:27 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 12:21 - 2009-07-14 07:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 12:19 - 2013-08-10 15:44 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Nitro PDF
2014-07-23 12:17 - 2014-05-22 20:11 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\DropboxMaster
2014-07-23 12:17 - 2013-08-11 10:50 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\Dropbox
2014-07-23 12:17 - 2013-05-25 23:43 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-23 12:16 - 2010-11-21 05:47 - 00175268 _____ () C:\Windows\PFRO.log
2014-07-23 12:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 12:16 - 2009-07-14 06:51 - 00069063 _____ () C:\Windows\setupact.log
2014-07-23 11:11 - 2014-07-22 12:30 - 05562024 ____R (Swearware) C:\Users\Conrad\Desktop\ComboFix.exe
2014-07-23 11:09 - 2014-07-23 11:09 - 00001591 _____ () C:\Users\Conrad\Desktop\JRT.txt
2014-07-23 11:09 - 2013-08-10 15:39 - 00105592 _____ () C:\Users\Conrad\AppData\Roaming\AbsoluteReminder.xml
2014-07-23 11:01 - 2014-07-23 11:01 - 01016261 _____ (Thisisu) C:\Users\Conrad\Downloads\JRT.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 10:56 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Downloads\adwcleaner_3.216.exe
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\Conrad\Desktop\adwcleaner_3.216.exe
2014-07-23 10:52 - 2014-07-23 10:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 10:33 - 2014-07-23 10:33 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 10:33 - 2014-07-23 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 10:31 - 2014-07-23 10:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 12:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-22 12:45 - 2014-07-22 10:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:54 - 2014-07-22 10:53 - 05562504 ____R (Swearware) C:\Users\Conrad\Downloads\ComboFix.exe
2014-07-22 10:16 - 2014-07-22 10:07 - 340465664 _____ () C:\Users\Conrad\Downloads\kav_rescue_10-0513 (1).iso
2014-07-22 10:14 - 2014-07-22 10:14 - 05840418 _____ () C:\Users\Conrad\Downloads\scareuncrypt.zip
2014-07-22 10:14 - 2014-07-22 10:14 - 00000000 ____D () C:\Users\Conrad\Downloads\scareuncrypt
2014-07-22 09:56 - 2014-07-22 09:56 - 00000043 _____ () C:\Users\Conrad\AppData\Roaming\WB.CFG
2014-07-22 09:07 - 2014-07-22 09:06 - 00043846 _____ () C:\Users\Conrad\Downloads\Addition.txt
2014-07-22 09:07 - 2014-07-22 09:05 - 00075019 _____ () C:\Users\Conrad\Downloads\FRST.txt
2014-07-22 09:05 - 2014-07-22 09:05 - 02090496 _____ (Farbar) C:\Users\Conrad\Downloads\FRST64.exe
2014-07-22 08:41 - 2014-07-22 08:41 - 03084860 _____ () C:\Users\Conrad\Downloads\Beispielbilder_Win7.zip
2014-07-22 08:37 - 2014-07-22 08:37 - 00149694 _____ () C:\Users\Conrad\Downloads\DecryptHelper-0.5.3.exe
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptHelper.txt
2014-07-22 08:37 - 2014-07-22 08:37 - 00000000 _____ () C:\Users\Conrad\Downloads\DecryptException.txt
2014-07-22 08:32 - 2014-07-22 08:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Conrad\Downloads\ShadowExplorer-0.9-setup.exe
2014-07-22 08:32 - 2014-07-22 08:32 - 00001900 _____ () C:\Users\Conrad\Desktop\ShadowExplorer.lnk
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\www.shadowexplorer.com
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-07-22 08:32 - 2014-07-22 08:32 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
2014-07-22 08:15 - 2014-07-22 08:14 - 00000000 ____D () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1
2014-07-22 08:14 - 2014-07-22 08:14 - 00062065 _____ () C:\Users\Conrad\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-07-21 12:42 - 2014-07-21 12:42 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (2).exe
2014-07-21 12:42 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-18 08:57 - 2014-07-18 08:57 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client (1).exe
2014-07-17 15:09 - 2014-07-17 15:09 - 04541084 _____ () C:\Users\Conrad\Downloads\Video FlowFact Prozess Management WMV.wmv
2014-07-17 11:00 - 2014-07-17 11:00 - 00004599 _____ () C:\Users\Conrad\Downloads\Performer CRM_  FLOWFACT Mobile .ics
2014-07-16 10:21 - 2014-07-16 10:21 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2664929658-1551457082-1331067265-1002
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Citrix
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-12 13:14 - 2013-08-15 14:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-12 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 12:46 - 2014-02-05 13:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-12 03:19 - 2009-07-14 06:45 - 00490576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 03:18 - 2014-06-01 12:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 03:18 - 2011-12-08 22:03 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 17:04 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja
2014-07-10 17:04 - 2014-02-10 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-10 17:04 - 2014-01-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-10 17:04 - 2013-08-10 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop
2014-07-10 17:04 - 2013-08-10 16:12 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2014-07-10 17:04 - 2013-08-10 15:39 - 00000000 ____D () C:\Users\Conrad
2014-07-10 17:04 - 2013-05-25 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Lenovo
2014-07-10 17:03 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Lenovo
2014-07-10 17:03 - 2014-06-09 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-07-10 17:03 - 2014-05-29 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-10 17:03 - 2014-05-25 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-10 17:03 - 2014-04-04 17:37 - 00000000 ____D () C:\Users\Büro
2014-07-10 17:03 - 2014-03-12 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFuhrpark
2014-07-10 17:03 - 2014-02-11 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu
2014-07-10 17:03 - 2014-02-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-07-10 17:03 - 2014-02-06 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-10 17:03 - 2014-02-05 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-10 17:03 - 2013-10-31 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-07-10 17:03 - 2013-08-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-10 17:03 - 2013-08-10 17:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-10 17:03 - 2013-08-10 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software
2014-07-10 17:03 - 2013-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-10 17:03 - 2013-05-26 00:03 - 00000000 ____D () C:\ProgramData\Norton
2014-07-10 17:03 - 2013-05-26 00:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-10 17:03 - 2013-05-25 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 17:03 - 2013-05-25 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-07-10 17:03 - 2013-05-25 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition
2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-07-10 17:03 - 2013-05-25 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2014-07-10 17:03 - 2013-05-25 23:50 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-07-10 17:03 - 2013-05-25 23:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-10 17:03 - 2013-05-25 23:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-10 17:03 - 2011-12-08 22:02 - 00000000 ____D () C:\Windows\ShellNew
2014-07-10 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-10 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-10 17:02 - 2013-08-13 11:49 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:51 - 2014-07-10 16:51 - 00000000 ____D () C:\Users\Kaja\AppData\Local\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\LSC
2014-07-10 16:50 - 2014-07-10 16:50 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-07-10 16:50 - 2014-07-10 16:46 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Adobe
2014-07-10 16:47 - 2014-07-10 16:47 - 00130392 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 16:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Leadertech
2014-07-10 16:46 - 2014-07-10 16:46 - 00000000 _____ () C:\Users\Kaja\agent.log
2014-07-10 16:46 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Google
2014-07-10 16:46 - 2014-02-20 11:11 - 00000000 ____D () C:\Users\Conrad\Documents\Unterlagen Mietinteressenten
2014-07-10 16:46 - 2014-01-02 09:02 - 00000000 ____D () C:\Users\Conrad\Documents\Ba
2014-07-10 16:46 - 2013-10-31 12:11 - 00000000 ____D () C:\Users\Conrad\Documents\Steuerfälle
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Vorlagen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Startmenü
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Netzwerkumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Lokale Einstellungen
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Eigene Dateien
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Druckumgebung
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Musik
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Documents\Eigene Bilder
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Verlauf
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\AppData\Local\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 _SHDL () C:\Users\Kaja\Anwendungsdaten
2014-07-10 16:45 - 2014-07-10 16:45 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Intel
2014-07-10 16:42 - 2014-07-10 16:40 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-10 16:40 - 2014-02-18 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Messe 2014
2014-07-10 16:40 - 2014-01-10 16:20 - 00000000 ____D () C:\Users\Conrad\Desktop\Avaya
2014-07-10 16:40 - 2014-01-10 15:33 - 00000000 ____D () C:\Users\Conrad\Desktop\Urlaub 2014
2014-07-10 16:40 - 2014-01-09 21:39 - 00000000 ____D () C:\Users\Conrad\Desktop\Englisch
2014-07-10 16:40 - 2014-01-03 12:09 - 00000000 ____D () C:\Users\Conrad\Desktop\Projekt Flowfact
2014-07-10 16:40 - 2013-12-01 14:28 - 00000000 ____D () C:\Users\Conrad\Desktop\Steuer2013
2014-07-10 16:40 - 2013-12-01 14:21 - 00000000 ____D () C:\Users\Conrad\Desktop\Lohn
2014-07-10 16:40 - 2013-08-20 12:36 - 00000000 ____D () C:\Users\Conrad\Desktop\BA
2014-07-07 15:54 - 2014-02-10 12:24 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-07 15:54 - 2014-02-10 12:24 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-07 15:54 - 2014-02-10 12:24 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-04 10:03 - 2014-07-04 10:03 - 00000000 ____D () C:\Windows\Sun
2014-06-30 04:09 - 2014-07-11 13:21 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 13:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 13:07

==================== End Of Log ============================
         

So, is everything that was causing trouble removed now? If there were also a working way to unlock the locked documents, that would be perfect, but apparently you can't have everything! :-)
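The FRST log above lists every file and folder created or modified in the last month in a fixed one-line format, and entries such as the three same-minute folders with random-looking names under AppData\Local (RydPtyKD, MBRNwMij, JrggLTmV) are exactly what a helper scans for by eye before writing a fixlist. The following Python is an added example, not part of the original post and not FRST's own code: it parses that line format and applies two triage heuristics of my own, a cluster of random-named top-level AppData folders created in the same minute, and executables whose vendor field is empty. The sample lines are copied from the log above; the case-switch threshold in `looks_random` is an assumption, and an empty vendor field only means FRST found no company name in the file's version information, not that the file is unsigned or malicious (Elsinore.ScreenConnect.Client.exe is a remote-support client and still has a blank vendor here).

```python
import re
from collections import defaultdict

# One FRST "Created" / "Modified" entry:
#   <created> - <modified> - <size> <attrs> (<vendor>) <path>
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)
# A folder directly under <profile>\AppData\Local or <profile>\AppData\Roaming
TOP_APPDATA_DIR = re.compile(r"\\AppData\\(?:Local|Roaming)\\([^\\]+)$")

# Constructed sample input: lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
2014-07-14 13:06 - 2014-07-21 12:42 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Deployment
2014-07-14 13:06 - 2014-07-14 13:06 - 00051672 _____ () C:\Users\Conrad\Downloads\Elsinore.ScreenConnect.Client.exe
2014-07-14 13:06 - 2014-07-14 13:06 - 00000000 ____D () C:\Users\Conrad\AppData\Local\Apps\2.0
2014-07-11 13:18 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 17:00 - 2014-07-10 17:00 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\PwrMgr
2014-07-10 16:40 - 2014-07-10 16:42 - 00104552 _____ () C:\Users\Conrad\Desktop\XSWXmkCZ.zip
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\RydPtyKD
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\MBRNwMij
2014-07-10 16:40 - 2014-07-10 16:40 - 00000000 ____D () C:\Users\Conrad\AppData\Local\JrggLTmV
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
"""


def parse_entries(log: str):
    """Yield one dict per line that matches the FRST entry format; skip the rest."""
    for line in log.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if m:
            yield m.groupdict()


def case_transitions(name: str) -> int:
    """Count upper<->lower switches between adjacent letters ('RydPtyKD' -> 4)."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not an FRST rule): an all-letter name of
    6..12 characters with at least three case switches, which fits the
    generated folder names in the log but not 'Deployment' or 'Lenovo'."""
    return name.isalpha() and 6 <= len(name) <= 12 and case_transitions(name) >= 3


def suspicious_clusters(log: str, min_dirs: int = 2) -> dict:
    """Group random-named top-level AppData folders by creation minute and
    return only the minutes with at least `min_dirs` of them (a dropper
    typically creates its working folders in one go)."""
    by_minute = defaultdict(list)
    for e in parse_entries(log):
        if "D" not in e["attrs"]:          # folders only
            continue
        m = TOP_APPDATA_DIR.search(e["path"])
        if m and looks_random(m.group(1)):
            by_minute[e["created"]].append(e["path"])
    return {minute: paths for minute, paths in by_minute.items() if len(paths) >= min_dirs}


def no_vendor_executables(log: str, exts=(".exe", ".scr", ".dll", ".sys")) -> list:
    """Executable-type files whose vendor field is empty or blank.
    This is a triage hint only: FRST prints the CompanyName from the version
    resource, so a blank field is not a signature check."""
    return [e["path"] for e in parse_entries(log)
            if not e["vendor"].strip() and e["path"].lower().endswith(exts)]


if __name__ == "__main__":
    for minute, paths in suspicious_clusters(SAMPLE_LOG).items():
        print(f"{minute}: {len(paths)} random-named AppData folders")
        for p in paths:
            print("   ", p)
    print("Executables without vendor name:")
    for p in no_vendor_executables(SAMPLE_LOG):
        print("   ", p)
```

Run against a full FRST.txt by replacing `SAMPLE_LOG` with the file's contents; everything that is not an entry line (headers, the service and registry sections) is ignored by the parser.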

24.07.2014, 19:23   #8
schrauber
/// the machine
/// TB trainer

Update Flash.

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Program Files (x86)\ASP
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
         

Save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents here.

Fresh FRST log please.

Locked means encrypted? Then there is no chance.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

25.07.2014, 08:17   #9
darnoc861

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Conrad at 2014-07-25 09:16:00 Run:1
Running from C:\Users\Conrad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\ASP
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0 /closebr=0 /active=24 /update=24 /interval=2880 /pubId=1004 /affId=10040007 /appId=116 /uId={82680281-2142-43EC-B4C5-C36575434FC9-2014_07_22} /version=1.1.0.13 /Override=0 /regAppName=pennybee /curSID=S-1-5-21-2664929658-1551457082-1331067265-1002 /logf=C:\Users\Conrad\AppData\Local\10040007_loger_23_07_10_50_34_538432491.txt /mac=B888E3F8D88C /tst=none /ts2=1
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
2014-07-22 08:26 - 2014-07-22 08:26 - 00003332 _____ () C:\Windows\System32\Tasks\ASP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Roaming\unpacked19019
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Users\Conrad\AppData\Local\tmp19013
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\Conrad\Downloads\ZipSetup.exe
*****************

C:\Program Files (x86)\ASP => Moved successfully.
pennybee => Service deleted successfully.
wpennybeed => Service deleted successfully.
C:\Windows\System32\Tasks\ASP => Moved successfully.
C:\Users\Conrad\AppData\Roaming\unpacked19019 => Moved successfully.
C:\Users\Conrad\AppData\Local\tmp19013 => Moved successfully.
C:\Program Files (x86)\RCP => Moved successfully.
"C:\Program Files (x86)\ASP" => File/Directory not found.
C:\Users\Conrad\Downloads\ZipSetup.exe => Moved successfully.

==== End of Fixlog ====

Yes, locked means encrypted, even the Dropbox is infected, those are pigs!
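As an added example (not from the thread, not FRST's own code), the following Python script parses a Fixlog.txt like the one posted above and summarises what FRST did with each fixlist entry: what was moved, which services were deleted, whether any entry was never reported on, and whether a "File/Directory not found" line is just a duplicate entry that had already been handled earlier in the same run (as with the ASP directory here, which appears twice in the fixlist). The sample log is constructed, modelled on the posted one with the user name replaced; the line patterns are assumptions derived from the Fixlog format visible in the thread.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.txt.

Added example: reads the fixlist section and the result lines of a Fixlog
and reports, per fixlist entry, what FRST did with it. The regexes are
assumptions derived from the Fixlog format visible in the thread.
"""
import re
from collections import Counter

# Constructed sample, modelled on the Fixlog posted above (user name replaced).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by User at 2014-07-25 09:16:00 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\ASP
S2 pennybee; "C:\PROGRA~3\pennybee\pennybee.exe" /task=4 /InstallOn=0
S2 wpennybeed; "C:\PROGRA~3\pennybee\wpennybeed.exe" -scm [X]
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-07-22 08:26 - 2014-07-22 08:26 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-07-22 08:25 - 2014-07-22 08:25 - 00680280 _____ ( ) C:\Users\User\Downloads\ZipSetup.exe
*****************

C:\Program Files (x86)\ASP => Moved successfully.
pennybee => Service deleted successfully.
wpennybeed => Service deleted successfully.
C:\Program Files (x86)\RCP => Moved successfully.
"C:\Program Files (x86)\ASP" => File/Directory not found.
C:\Users\User\Downloads\ZipSetup.exe => Moved successfully.

==== End of Fixlog ====
"""

# "S2 name; <path> <args>"  -> FRST service entry; the result line names only the service
SERVICE_RE = re.compile(r"^[SRU]\d\s+(?P<name>[^;]+);")
# "<date> - <date> - <size> <attrs> (<company>) <path>" -> FRST one-month file/folder entry
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*? \(.*?\) (?P<path>[A-Za-z]:\\.*)$")
# "<target> => <outcome>."  -> what FRST reports for each entry it processed
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")


def fixlist_target(line):
    """Normalise a fixlist line to the name FRST uses in its result line."""
    m = SERVICE_RE.match(line)
    if m:
        return m.group("name").strip()
    m = FILE_RE.match(line)
    if m:
        return m.group("path").strip()
    return line.strip().strip('"')


def parse_fixlog(text):
    """Return (fixlist_targets, results); results is a list of (target, outcome)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # the fixlist content sits between two lines of asterisks
    markers = [i for i, ln in enumerate(lines) if ln.startswith("*****")]
    if len(markers) < 2:
        raise ValueError("fixlist section not found")
    start, end = markers[0] + 1, markers[1]
    targets = [fixlist_target(ln) for ln in lines[start:end] if ln.strip()]
    results = []
    for ln in lines[end + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(ln)
        if m:
            results.append((m.group("target").strip().strip('"'), m.group("outcome")))
    return targets, results


def summarise(text):
    """Aggregate outcomes and flag entries that need a second look."""
    targets, results = parse_fixlog(text)
    outcomes = Counter(outcome for _, outcome in results)
    succeeded = {t.lower() for t, o in results if "successfully" in o}
    reported = {t.lower() for t, _ in results}
    # fixlist entries FRST never reported on at all (e.g. a typo in the fixlist)
    unresolved = sorted({t for t in targets if t.lower() not in reported})
    not_found = [t for t, o in results if "not found" in o.lower()]
    # "not found" is harmless when the same target was already handled earlier in the run
    benign_not_found = [t for t in not_found if t.lower() in succeeded]
    return {
        "entries": len(targets),
        "outcomes": dict(outcomes),
        "unresolved": unresolved,
        "not_found": not_found,
        "benign_not_found": benign_not_found,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Run it against a real Fixlog by reading the file into `summarise()` instead of `SAMPLE_FIXLOG`; a non-empty `unresolved` list or a "not found" entry that is not in `benign_not_found` is what deserves a follow-up question, the rest is just confirmation that the fix ran as intended.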

Old 25.07.2014, 17:45   #10
schrauber
/// the machine
/// TB trainer


BKA Trojan and what now?



Yeah, if you have tried the common decryption tools and the shadow copies, unfortunately there is nothing more you can do there.
__________________
regards,
schrauber


Tags for BKA Trojan and what now?
bka trojaner, msil/advancedsystemprotector.b, pennybee, pup.optional.conduit.a, pup.optional.installcore.a, pup.optional.mysearchdial.a, pup.optional.opencandy, pup.optional.regcleanerpro.a, pup.optional.regcleanerpro.j, pup.optional.regcleanpro.a, pup.optional.rocketfind.a, pup.optional.somoto.a, pup.optional.systemspeedup, pup.optional.updater.a, win32/bundled.toolbar.google.d, win32/installcore.pc, win32/installcore.pk


