
Help needed with Malware.Trace and PUP.Optional infections



Hello,

 

Malwarebytes found a bunch of different PUP.Optional and a Malware.Trace infection on my computer. I have not yet tried to delete them, as Malwarebytes by default only checks the box next to the Malware.Trace infection.

 

The DDS log is:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by KB at 23:31:38 on 2014-01-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2520.849 [GMT 1:00]
.
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
uRun: [Amazon Cloud Player] "c:\users\kb\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [AmazonMP3DownloaderHelper] c:\users\kb\appdata\local\program files\amazon\mp3 downloader\AmazonMP3DownloaderHelper.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
mRunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
mRunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
mRunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},c:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
mRunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},c:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
mRunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\6e751c7a-6b4e-4e54-82d9-24668a091bda.exe /check
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8} : DHCPNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\354756E637F6666616 : DHCPNameServer = 195.67.199.39 195.67.199.40
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\64259445A51224F687 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\7596C6C656D63786F6566756 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\75C414E4D2030323436454147344447363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\A55424 : DHCPNameServer = 192.168.201.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\E494F4F4D2751474 : DHCPNameServer = 10.128.20.45 10.128.20.44
TCP: Interfaces\{E9623EF3-A578-421D-8916-7B22E88C7338} : DHCPNameServer = 130.235.63.228 130.235.63.232
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kb\appdata\roaming\mozilla\firefox\profiles\pqsrjkp4.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-15 180248]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-1-12 25416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2012-9-6 20328]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-12 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2013-3-15 264560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-12 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-12 410528]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-1-12 13680]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-1-12 176128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-12 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-21 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-21 113704]
R2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2011-10-14 830056]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2013-1-12 43584]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2013-1-12 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2013-1-12 127336]
R2 STATISTICA Version Manager;STATISTICA Version Manager;c:\program files\statsoft\statistica version manager\rgSTr.exe [2013-11-19 18944]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2013-1-12 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2013-1-12 142696]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-6-25 2759984]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-30 969192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2013-1-12 223960]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2013-1-12 9037312]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-5-11 88832]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-2 40776]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-1-23 7523840]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-1-12 38200]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2011-5-30 37432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2013-1-12 101736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-21 64168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2013-1-12 45736]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-1-12 280640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-6-29 12400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32-Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2013-1-12 1666112]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2013-1-12 1665088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-12 14848]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-6-29 155824]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-12 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-12 1343400]
.
=============== Created Last 30 ================
.
2014-01-02 16:51:47    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-02 16:51:46    --------    d-----w-    c:\users\kb\appdata\roaming\Malwarebytes
2014-01-02 16:51:34    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-02 16:51:31    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-02 16:51:31    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-02 06:53:53    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{52a91d32-7058-4022-ad72-efd256ebfc68}\mpengine.dll
2013-12-21 07:19:49    64168    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2013-12-19 17:04:07    --------    d-----w-    c:\users\kb\appdata\local\Program Files
2013-12-19 16:41:29    --------    d-----w-    c:\users\kb\appdata\local\Amazon Cloud Player
2013-12-19 11:08:55    --------    d-----w-    c:\program files\QGIS Dufour
2013-12-12 00:37:15    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 00:37:14    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-11 13:14:23    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 13:14:22    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 13:14:21    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 13:14:21    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 13:14:21    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 13:14:21    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 13:14:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 13:14:18    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 13:14:15    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 13:14:15    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 13:14:15    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-05 08:51:30    --------    d-----w-    c:\program files\SADIE Analysis
2013-12-05 08:39:05    --------    d-----w-    c:\program files\TumblRipper
.
==================== Find3M  ====================
.
2013-12-21 07:19:29    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-21 07:19:29    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-21 07:19:29    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-21 07:19:29    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-21 07:19:16    264560    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2013-12-15 10:30:38    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 10:30:38    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:36:39    204    ----a-w-    c:\windows\system32\yqge91v.dll
2013-12-11 16:36:39    100    ----a-w-    c:\windows\system32\prsgrc.dll
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 02:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-24 07:00:05    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-24 07:00:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-24 06:59:51    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-10-14 17:41:58    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-10-14 17:41:58    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 05:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82E17000]<< >>UNKNOWN [0x8A5C3000]<< >>UNKNOWN [0x8A5B2000]<< >>UNKNOWN [0x89EBA000]<< >>UNKNOWN [0x8322A000]<< >>UNKNOWN [0x8A01C000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82E4DBBA] -> \Device\Harddisk0\DR0[0x86944030]
\Driver\Disk[0x86943E60] -> IRP_MJ_CREATE -> 0x8A5C739F
3 [0x8A5C759E] -> ntkrnlpa!IofCallDriver[0x82E4DBBA] -> [0x85EF5100]
\Driver\ACPI[0x85198E58] -> IRP_MJ_CREATE -> 0x89EC34CC
5 [0x89EC33D4] -> ntkrnlpa!IofCallDriver[0x82E4DBBA] -> \Device\Ide\IAAStorageDevice-1[0x85F44028]
\Driver\iaStor[0x85EF5D08] -> IRP_MJ_CREATE -> 0x8A060954
kernel: MBR read successfully
_asm { JMP 0x10;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:31:51,09 ===============
 

 

The Attach.txt is:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.01.2013 16:33:56
System Uptime: 02.01.2014 10:29:04 (13 hours ago)
.
Motherboard: LENOVO |  | 2786W3C
Processor: Intel® Core2 Duo CPU     T6670  @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 70,224 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 256,136 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 931 GiB total, 312,412 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
Service:
.
==== System Restore Points ===================
.
RP178: 17.12.2013 07:55:04 - Windows Update
RP179: 20.12.2013 09:16:56 - Windows Update
RP181: 21.12.2013 08:17:18 - avast! antivirus system restore point
RP182: 21.12.2013 08:20:02 - Device driver package installation: Avast Network Service
RP183: 23.12.2013 09:32:29 - Windows Backup
RP184: 24.12.2013 09:22:35 - Windows Update
RP185: 27.12.2013 09:34:02 - Windows Update
RP186: 02.01.2014 07:53:28 - Windows Update
RP187: 02.01.2014 07:57:03 - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
Access Help
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon Cloud Player
Amazon MP3-Downloader 1.0.18
On Screen Display
ATI Catalyst Install Manager
ATI Uninstaller
avast! Internet Security
BankID Security Application
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citavi
Civilization III Complete Edition
Civilization III v1.29f
Comprehensive Meta Analysis Version 2
Conexant 20561 SmartAudio HD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ThinkPad UltraNav Utility
Power Manager
FortiClient SSLVPN v4.0.2148
Google Chrome
Google Update Helper
GPS TrackMaker
Integrated Camera
Intel PROSet Wireless
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
Intel® PROSet/Wireless WiFi-Software
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
IsoSource
Java 7 Update 45
Java Auto Updater
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo System Update
Malwarebytes Anti-Malware Version 1.75.0.1300
Map of Europe
Media Go
Media Go Video Playback Engine 1.116.107.02030
Mendeley Desktop 1.8.3
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Language Pack 2010 - German/Deutsch
Microsoft Office O MUI (German) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (German) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 26.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.3 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
PASSaGE 2
PDF Settings CS5
PlayStation®Store
PRIMER 6
ProCite 5
PX Profile Update
Python 2.7 scipy-0.11.0
Python 2.7.3
QGIS Dufour 2.0.1 Dufour
R for Windows 2.15.2
R for Windows 2.15.3
R for Windows 3.0.2
Rescue and Recovery
RnR Sysprep Patch
SAM
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition
SigmaPlot 10.0.1
Skype™ 6.1
Sony Ericsson Update Engine
Sony PC Companion 2.10.174
STATISTICA 10.0.1011.4
STATISTICA 6
STATISTICA Version Manager
STATNOVAPDF (novaPDF 7.4 printer)
SyncBackFree
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad UltraNav Driver
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
ThinkVantage Communications Utility
ThinkVantage System für aktiven Festplattenschutz
TumblRipper
Uninstall N_AShell v 1.0
Uninstall SADIEShell v 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.8
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
WinRAR 4.20 (32-Bit)
.
==== End Of File ===========================
 

 

I am grateful for any help and a happy new year.


Hello,
 
P2P/Piracy Warning:
 
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 
Next,
 
Step 1
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 2
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3
 
Download Zoek (By Smeenk) and save that file to your Desktop.
http://www.hijackthi...220813/zoek.zip
 
Double click the zip file and extract it to your Desktop:
 
Select these lines inside CODE, right click on the selection and choose Copy.
 

autoclean;emptyclsid;torpigcheck;shortcutfix;standardsearch;

 
Right click on any white part of Zoek and select the paste option.
 
Click the button [Run Script]
 
Wait for the scan. At the end, the report will be generated at C:\zoek-results.txt
 
Copy its content and post it in your next response.
 
NOTE1: If Zoek finds files that you cannot remove, you may have to restart your PC. Do this immediately when asked whether to restart the PC.
 
NOTE2: This script has been prepared only for this computer, according to the files and keys present.

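For anyone reviewing the logs these three steps produce, here is an added example (not part of this post, and not code from AdwCleaner, JRT or Zoek): a Python script that parses the Zoek "Files Recently Created / Modified" and "Startup Registry Enabled" sections, in the layout they have in the log posted further down, and flags the entries a reviewer would look at first. The embedded log is a constructed sample with placeholder hashes, and the triage rules (user-writable paths, executables sitting directly in the Windows root, bare file names resolved through the search path) are this example's own assumptions, not checks Zoek performs.

```python
# Triage of Zoek log sections (added example; not code from Zoek, AdwCleaner or JRT).
# Flags entries in "Files Recently Created / Modified" and "Startup Registry Enabled"
# that a reviewer looks at first; the rules are this example's own assumptions.
import re

# Constructed sample in Zoek's layout; the hashes are placeholders, not real digests.
SAMPLE_LOG = r"""
==== Files Recently Created / Modified ======================
====== C:\Users\KB\AppData\Local\Temp ====
2014-01-04 17:52:47    00000000000000000000000000000000    157696    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
======= C:\Program Files =====
2013-12-19 11:08:55    --------    d-----w-    C:\Program Files\QGIS Dufour
====== C:\Users\KB ======
2014-01-02 15:18:48    11111111111111111111111111111111    602112    ----a-w-    C:\Users\KB_2\Downloads\otl.exe

==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe"
"tsnp2uvc"="C:\Windows\tsnp2uvc.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Amazon Cloud Player"="C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"""

SECTION_RE = re.compile(r"^==== (?P<name>.+?) ={10,}\s*$")  # only top-level "==== X =====..." headers
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<md5>[0-9A-Fa-f]{32})\s+(?P<size>\d+)|-{8})\s+"  # directories show "--------" instead of md5/size
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".scr", ".com")

def section_lines(text: str, title: str) -> list:
    """Lines of the top-level section whose header reads '==== <title> =====...'."""
    lines, inside = [], False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            inside = m["name"] == title
        elif inside:
            lines.append(line)
    return lines

def parse_file_entries(text: str) -> list:
    """(timestamp, md5, size, attrs, path) tuples; md5 and size are None for directories."""
    entries = []
    for line in section_lines(text, "Files Recently Created / Modified"):
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"] else None
            entries.append((m["ts"], m["md5"], size, m["attr"], m["path"]))
    return entries

def parse_run_entries(text: str) -> list:
    """(registry key, value name, command) tuples for every value under an enabled Run key."""
    entries, key = [], None
    for line in section_lines(text, "Startup Registry Enabled"):
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            entries.append((key, vm["name"], vm["cmd"]))
    return entries

def executable_from_command(command: str) -> str:
    """Program part of a Run value, without surrounding quotes or arguments."""
    m = re.match(r'\s*"?(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else (command.strip('"').split() or [""])[0]

def triage_reasons(path: str) -> list:
    """Review heuristics for one program path (assumptions of this example, not Zoek's)."""
    low = path.lower()
    if "\\" not in path:
        return ["bare file name, resolved through the search path"]
    reasons = []
    if low.startswith("c:\\users\\") or "\\appdata\\" in low or "\\temp\\" in low:
        reasons.append("user-writable location")
    if re.match(r"^c:\\windows\\[^\\]+$", low):
        reasons.append("executable directly in the Windows root")
    return reasons

def triage(text: str) -> list:
    """(source, label, path, reasons) tuples for entries that trip at least one heuristic."""
    findings = []
    for ts, md5, _size, _attr, path in parse_file_entries(text):
        if md5 is None or not path.lower().endswith(EXEC_EXT):
            continue  # directories and non-executable files are not reviewed here
        reasons = triage_reasons(path)
        if reasons:
            findings.append(("file", ts, path, reasons))
    for key, name, cmd in parse_run_entries(text):
        exe = executable_from_command(cmd)
        reasons = triage_reasons(exe)
        if reasons:
            findings.append(("run", key + "\\" + name, exe, reasons))
    return findings
```

Run against a real zoek-results.txt by reading the file into `triage()`; a flagged entry is only a starting point for the review, since legitimate per-user installers (Dropbox, Amazon Music) also live under AppData.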

Dear CalrosTurco,

Many thanks for helping me, your guidance is really appreciated. Here are the three log files:

# AdwCleaner v3.016 - Bericht erstellt am 04/01/2014 um 18:45:32
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : KB - KB-PC
# Gestartet von : C:\Users\KB_2\Desktop\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Users\KB\Documents\optimizer pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default\prefs.js ]


[ Datei : C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\KB_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2649 octets] - [04/01/2014 18:42:50]
AdwCleaner[s0].txt - [2576 octets] - [04/01/2014 18:45:32]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2636 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x86
Ran by KB on 04.01.2014 at 18:52:57,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2014 at 18:56:01,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Zoek.exe v5.0.0.0 Updated 04-Januari-2014
Tool run by KB on 04.01.2014 at 19:08:20,81.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KB\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

04.01.2014 19:10:08 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1000\Software\Mozilla\Firefox\Extensions\{FCF36B88-1BBA-487f-B64B-D2E8980A9293} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\explorer.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\taskeng.exe
C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Personal\bin\Personal.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Sony\Sony PC Companion\PCCService.exe
C:\Windows\explorer.exe
C:\Users\KB\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1919_.backup

ProfilePath: C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- FireFox user.js and prefs.js backups ----

prefs__1919_.backup

==== Deleting Files \ Folders ======================

C:\Users\KB_2\.android deleted
C:\found.000 deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 2521 MB
CPU Info: Intel® Core2 Duo CPU     T6670  @ 2.20GHz
CPU Speed: 2059,9 MHz
Sound Card: Lautsprecher (Conexant 20561 Sm |
SPDIF-Schnittstelle (Conexant 2 |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; PnP-Monitor (Standard) | Lenovo L2251pwD(Analog) |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Intel® 82567LM Gigabit Network Connection | Intel® WiFi Link 5100 AGN | Microsoft Virtual WiFi Miniport Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT30N
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  146,4GB | D:  319,3GB | F:  931,5GB | G:  931,5GB
Hard Disks - Free: C:  70,9GB | D:  256,1GB | F:  312,4GB | G:  298,5GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/17/12 | LENOVO - 3240
Time Zone: Mitteleuropäische Zeit
Motherboard *: LENOVO 2786W3C
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: avast! Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Internet Security disabled (Outdated)
Firewall: avast! Internet Security disabled
Default Browser: Firefox    26.0
Internet Explorer Version: 11.0.9600.16476
Mozilla Firefox version: 26.0 (x86 de)
Google Chrome version: 31.0.1650.63
Sun Java version: 1.7.0_45 (32-bit)
Flash Player version: 11.9.900.170

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\KB\AppData\Local\Temp ====
2014-01-04 18:00:51    B0900C9BD9166147E1A9CD4567FE595F    20208024    ----a-w-    C:\Users\KB\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.181_NetStorage.exe
2014-01-04 17:52:47    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
2013-12-06 10:54:43    09960FC30A5ECA359B9BFE58B42D4468    201144    ----a-w-    C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\a75810e-75a3fa84-1.6.2.15-
2013-12-19 08:46:20    37C8AC49B270F6AB8A52BB2E6737B869    92    ----a-w-    C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6640c556-6.0.lap
2013-12-19 08:46:26    A312DE2E92CC31D48B86E7FC3F30CCBC    24876    ----a-w-    C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-427a1351
2013-12-06 10:54:38    C433C3F707A25CB33D2808FD5E23F560    101    ----a-w-    C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\31131fe6-6.0.lap
2013-12-19 08:46:23    8362FAE07B26F529EF36660E34821C93    183791    ----a-w-    C:\Users\KB_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7b32e2af-161653d7
====== C:\Windows\system32 =====
2014-01-02 19:08:43    E9837BF503B480C45D88559D8F210F87    1542    ----a-w-    C:\Windows\System32\Energie1.ini
====== C:\Windows\system32\drivers =====
2014-01-02 16:51:31    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-21 07:19:49    37A6A39C1792BA961EE6172A0F3CA236    64168    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2013-12-11 13:14:15    EB6137D696A9B4E9718AC6F8641CB4C9    177152    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 13:14:15    9842041E2F5ACE1E2F5FB4EF02053DC8    81408    ----a-w-    C:\Windows\System32\drivers\drmk.sys
====== C:\Windows\Tasks ======
2013-12-19 16:41:36    B19654C4AF19EE85B4F9B2B367EE0EEE    1592    ----a-w-    C:\Windows\system32\Tasks\Amazon Music Helper
2013-12-15 09:48:10    22A68FBCA39473FF24AE600EC91163DC    3822    ----a-w-    C:\Windows\system32\Tasks\Adobe Flash Player Updater
2013-12-15 09:48:10    1E1D345F0DF8174CC27684BD7ABC6D0F    884    ----a-w-    C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-12-19 11:08:55    --------    d-----w-    C:\Program Files\QGIS Dufour
======= C: =====
====== C:\Users\KB\AppData\Roaming ======
2013-12-19 17:07:58    --------    d-----w-    C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-19 17:07:55    --------    d-----w-    C:\Users\KB_2\AppData\Local\Amazon Cloud Player
2013-12-19 17:04:13    --------    d-----w-    C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-12-19 17:04:07    --------    d-----w-    C:\Users\KB\AppData\Local\Program Files
2013-12-19 16:41:34    --------    d-----w-    C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-19 16:41:29    --------    d-----w-    C:\Users\KB\AppData\Local\Amazon Cloud Player
2013-12-06 10:54:50    --------    d-----w-    C:\Users\KB_2\AppData\Local\QuosaDDM
====== C:\Users\KB ======
2014-01-04 17:51:07    5C2217C2FCA1F87DDD4FAB6C65BC7142    1036305    ----a-w-    C:\Users\KB_2\Desktop\JRT.exe
2014-01-04 17:41:55    AF5C84446657B48C9B9B870C46438261    1233962    ----a-w-    C:\Users\KB_2\Desktop\AdwCleaner.exe
2014-01-02 15:18:48    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\KB_2\Downloads\otl.exe
2014-01-02 15:16:19    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\KB_2\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-19 11:13:19    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour

====== C: exe-files ==
2014-01-04 18:01:10    6E0105823B4FE91632C9DA8314418417    655536    ----a-w-    C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe
2014-01-04 18:00:51    B0900C9BD9166147E1A9CD4567FE595F    20208024    ----a-w-    C:\Users\KB\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.181_NetStorage.exe
2014-01-04 17:52:47    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-01-04 17:51:07    5C2217C2FCA1F87DDD4FAB6C65BC7142    1036305    ----a-w-    C:\Users\KB_2\Desktop\JRT.exe
2014-01-04 17:41:55    AF5C84446657B48C9B9B870C46438261    1233962    ----a-w-    C:\Users\KB_2\Desktop\AdwCleaner.exe
2014-01-02 15:18:48    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\KB_2\Downloads\otl.exe
2014-01-02 15:16:19    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\KB_2\Downloads\mbam-setup-1.75.0.1300.exe
=== C: other files ==
2014-01-04 17:52:46    DABF8DE82A47FA9BD95CCD37FA2A2B41    10261    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\JRT.bat
2014-01-04 17:52:46    CC6C23C02BE66014AD87F2678BBB3A1D    8117    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\modules.bat
2014-01-04 17:52:46    C4A5476A9D54B400F1623A2EE7DDA5C5    13955    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\chrome.bat
2014-01-04 17:52:46    BAD6C67C870CC81C48DBA53089929884    153331    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\firefox.bat
2014-01-04 17:52:46    B964B792D3692699CD7D4FDB63EE470E    1239    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\FWPolicy.bat
2014-01-04 17:52:46    B7D46D5BC21F69EFEEFFC15060E423AC    154167    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\misc.bat
2014-01-04 17:52:46    B45931E5313CB14CAA0F2BC3DA30E6FC    29648    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\ask.bat
2014-01-04 17:52:46    A6CC6D343828E5003C52323B20F0F8D8    16063    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\get.bat
2014-01-04 17:52:46    80D02380F1AC33E459324B088392A1EC    732    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\ev_clear.bat
2014-01-04 17:52:46    75C9C20DD9839BF287B43B0E179822DC    31414    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\iexplore.bat
2014-01-04 17:52:46    7178963AEE641F3E47E1CE22416F8A3A    9295    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\runvalues.bat
2014-01-04 17:52:46    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\delorphans.bat
2014-01-04 17:52:46    58605DA3492FB918D3D40B1FB88046AE    39471    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\prelim.bat
2014-01-04 17:52:46    372EA6F783198102CF5779072EE78C79    24751    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\searchlnk.bat
2014-01-04 17:52:46    1FBF882AA934A741530741FC134872A3    1243    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\TDL4.bat
2014-01-04 17:52:46    14D6EE8B672684E2232FB430D8C4A928    18668    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\medfos.bat
2014-01-04 17:52:46    0768E560CCD86C18F35FAD29DCEA7B80    1820    ----a-w-    C:\Users\KB\AppData\Local\Temp\jrt\delfolders.bat
2014-01-02 16:51:31    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Amazon Cloud Player"="C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"AmazonMP3DownloaderHelper"="C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"

[HKEY_USERS\S-1-5-21-1101163928-3596118184-1829798094-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Amazon Cloud Player"="C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AcWin7Hlpr"="C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe"
"TpShocks"="TpShocks.exe"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"tsnp2uvc"="C:\Windows\tsnp2uvc.exe"
"LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Amazon Cloud Player"="C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"AmazonMP3DownloaderHelper"="C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PasswordManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PasswordManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Password Manager\\password_manager.exe"


==== Startup Folders ======================

2013-05-21 13:23:56    1010    ----a-w-    C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-01-14 09:28:05    1089    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID Security Application.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15.12.2013 11:30]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07.04.2013 14:57]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-KB-PC-KB_2" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\Amazon Music Helper" [C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{191DA675-98A9-4BC8-B9DD-83743E1EEA5A}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{5DF0A56D-4CCF-47AC-B672-CC57C75632EC}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{7E072328-2BC5-44B5-A488-7723668191D7}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{BE9A44C6-3409-4C06-974F-4A67455E559B}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{DCB37D6C-7F8B-44B4-8AD2-0404E44D08E8}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\{E0CBD5CD-6BDF-4C42-BC24-B4E0A19C9D3E}" ["C:\Program Files\Mozilla Firefox\firefox.exe"]
"C:\Windows\system32\tasks\{E4861772-E127-4F1A-AB1F-FB49330D85EA}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\system32\tasks\TVT\ChangePWD" [%RR%\rrcmd.exe]
"C:\Windows\system32\tasks\TVT\LaunchRnR" [C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe]
"C:\Windows\system32\tasks\TVT\TVSUUpdateTask" ["C:\Program Files\Lenovo\System Update\tvsuShim.exe"]
"C:\Windows\system32\tasks\TVT\UpdateRnR" [%TVTCOMMON%\Scheduler\tvtsetsched.exe]

==== Folders in C:\ProgramData 0-6 Months Old ======================

2013-07-26 13:32:57    --------    d-----w-    C:\ProgramData\Sun
2013-10-22 08:38:00    --------    d-----w-    C:\ProgramData\Oracle
2013-10-22 08:48:50    --------    d-----w-    C:\ProgramData\TEMP
2013-11-19 12:15:40    --------    d-----w-    C:\ProgramData\InstallShield
2014-01-02 16:51:34    --------    d-----w-    C:\ProgramData\Malwarebytes

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8AA36F4F-6DC7-4c06-77AF-5035170634FE}"="C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox" [23.04.2013 14:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

ProfilePath: C:\Users\KB_2\AppData\Roaming\Mozilla\Firefox\Profiles\oxre5vxf.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\KB\AppData\Roaming\Mozilla\Firefox\Profiles\pqsrjkp4.default
F891089A6AB9E12FEDEBCC5EC0F40D66    - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll -    Shockwave Flash
C36444D7301A8C881FC7296B092609C7    - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
6768C724599214E4F9ADD9F8FF5097EB    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853    - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 7.0.450.18
04ACC61B47857E779CD92D1D88770BF1    - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll -    Adobe Acrobat
77B09C2C6F407531447DA75E3ACD1C5B    - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll -    Adobe Acrobat
260488E2BC07C276D1EDD54CCA086809    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
E09A55AB513C4D5145F1C318ED024747    - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll -    AmazonMP3DownloaderPlugin
BC14E71CDF13C6AE8C1250F1CA129822    - C:\Program Files\Sony\Media Go\npmediago.dll -    Media Go Detector
C4F8C5C1FA6C83132E5D57DAA98C0A40    - C:\Program Files\Personal\bin\np_prsnl.dll -    Nexus Personal
F00DA1A135FCA11D4426D9A5AB72CF0F    - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -    AdobeAAMDetect
E938DED72100695BFE7F9644F1F08E97    - C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll -    FortiClient SSLVPN Tunnel Service
A70381F8D59FC365BED24B517DAE4A3A    - C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll -    FortiClient SSLVPN CacheClean Service
41561B8AE9E551BD08304D48DAA900FA    - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -    AdobeAAMDetect


==== Chrome Look ======================

Google Wallet - KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - KB_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\KB\Desktop\1by1.lnk - C:\Program Files\1by1\1by1.exe
C:\Users\KB\Desktop\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\KB\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KB\Desktop\IrfanView.lnk - C:\Program Files\IrfanView\i_view32.exe
C:\Users\KB\Desktop\QGIS Browser 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis-browser.bat
C:\Users\KB\Desktop\QGIS Desktop 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis.bat
C:\Users\KB\Desktop\SyncBackFree.lnk - C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe
C:\Users\KB_2\Desktop\1by1.lnk - C:\Program Files\1by1\1by1.exe
C:\Users\KB_2\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\KB_2\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\KB_2\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\KB_2\Desktop\To do.lnk - F:\Eigene Artikel\To Do.docx

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Users\Public\Desktop\avast Internet Security.lnk -  
C:\Users\Public\Desktop\avast SafeZone.lnk -  
C:\Users\Public\Desktop\Citavi 3.lnk - C:\Program Files\Citavi 3\bin\Citavi.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\R i386 3.0.2.lnk - C:\Program Files\R\R-3.0.2\bin\i386\Rgui.exe
C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Public\Desktop\STATISTICA.lnk - C:\Program Files\StatSoft\STATISTICA 10\statist.exe

==== shortcuts in Users Start Menu ======================

C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3-Downloader\Amazon MP3-Downloader.lnk - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon MP3-Downloader\Uninstall Amazon MP3-Downloader.lnk - C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\Uninstall.exe
C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\KB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Uninstall.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Internet Security.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast SafeZone.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\MSYS Shell.lnk - C:\Program Files\QGIS Dufour\apps\msys\msys.bat  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\OSGeo4W.lnk - C:\Program Files\QGIS Dufour\OSGeo4W.bat  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\QGIS Browser 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis-browser.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\QGIS Desktop 2.0.1.lnk - C:\Program Files\QGIS Dufour\bin\nircmd.exe exec hide C:\PROGRA~1\QGISDU~1\bin\qgis.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\Setup.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 Command Line.lnk - C:\Program Files\QGIS Dufour\bin\grass64.bat -text
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 GUI.lnk - C:\Program Files\QGIS Dufour\bin\grass64.bat -wx
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Dufour\GRASS GIS 6.4.3\GRASS 6.4.3 Old TclTk GUI.lnk - C:\Program Files\QGIS Dufour\bin\grass64.bat -tcltk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Deinstallieren.lnk - C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\KB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Illustrator CS5.1.lnk - C:\Program Files\Adobe\Adobe Illustrator CS5.1\Support Files\Contents\Windows\Illustrator.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Photoshop CS5.1.lnk - C:\Program Files\Adobe\Adobe Photoshop CS5.1\Photoshop.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Amazon Cloud Player.lnk - C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Comprehensive Meta Analysis V2.lnk - C:\Windows\Installer\{613F5947-9535-4F3D-A8D3-7F245942F9A4}\Icon613F59472.ico
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FortiClient SSLVPN.lnk - C:\Program Files\Fortinet\SslvpnClient\FortiSSLVPNclient.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GPS TrackMaker.lnk - C:\Program Files\TrackMaker\trackmaker.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\InterVideo WinDVD.lnk - C:\Program Files\InterVideo\WinDVD\WinDVD.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IrfanView.lnk - C:\Program Files\IrfanView\i_view32.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mendeley Desktop.lnk - C:\Program Files\Mendeley Desktop\MendeleyDesktop.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PASSaGE 2.lnk - C:\Program Files\PASSaGE 2\PASSaGE.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Past.lnk - C:\Program Files\Past\Past.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PRIMER 6 & PERMANOVA+.lnk - C:\Windows\Installer\{3AFDB27A-CE54-4C98-89A4-AB26FE9A0419}\_C83711F89EB4B0D1DDFE34.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\R i386 3.0.2.lnk - C:\Program Files\R\R-3.0.2\bin\i386\Rgui.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SAM v4.0.lnk - C:\Program Files\SAM\SAM.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SigmaPlot 10.0.lnk - C:\Program Files\SigmaPlot\SPW10\Spw.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\STATISTICA 10.lnk - C:\Program Files\StatSoft\STATISTICA 10\statist.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\STATISTICA 6.0.lnk - C:\Program Files\StatSoft\STATISTICA 6\statist.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SyncBack Free.lnk - C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TpFnF5.exe - Verknüpfung.lnk -  
C:\Users\KB_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PasswordManager deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1101163928-3596118184-1829798094-1001\..\Run: [AdobeBridge]  (User 'KB_2')
O4 - S-1-5-21-1101163928-3596118184-1829798094-1001 Startup: Dropbox.lnk = C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'KB_2')
O4 - S-1-5-21-1101163928-3596118184-1829798094-1001 User Startup: Dropbox.lnk = C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'KB_2')
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FortiClient SSLVPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\system32\FortiSSLVPNdaemon.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: STATISTICA Version Manager - Unknown owner - C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

==== Empty IE Cache ======================

C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\KB_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KB_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\KB_2\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U8F1M9 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\KB\AppData\Local\Mozilla\Firefox\Profiles\pqsrjkp4.default\Cache emptied successfully
C:\Users\KB_2\AppData\Local\Mozilla\Firefox\Profiles\oxre5vxf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\KB_2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=2 1136571 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\KB_2\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\KB\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KB\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\KB_2\AppData\Local\Temp\qtsingleapp-Amazon-bdab-1-lockfile" not deleted
"C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4U8F1M9" not found

==== EOF on 04.01.2014 at 19:36:26,54 ======================

leucorchestris,

 

Please download RogueKiller 32-bit to your desktop and run it.

RogueKiller <--- use this one for 64-bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.


CarlosTurco,

 

This is the report from RogueKiller:

 

RogueKiller V8.8.0 [Dec 27 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.adlice.com/forum/
Webseite : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestartet in : Normaler Modus
Benutzer : KB [Admin Rechte]
Funktion : Scannen -- Datum : 01/04/2014 20:09:14
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 1 ¤¤¤
[sUSP PATH] AmazonMP3DownloaderHelper.exe -- C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7] -> GELÖSCHT [TermProc]

¤¤¤ Registry-Einträge : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\KB\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> GEFUNDEN
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> GEFUNDEN
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0xc0000033] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500420AS +++++
--- User ---
[MBR] a208439c4e9000012ad08c3093f44bc9
[bSP] 250fe9afcee7ff31a6b68c9b6ab344d9 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 149900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 326938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) WD My Passport 0740 USB Device +++++
--- User ---
[MBR] f1e65e625ad50e2139debabe8b2458f7
[bSP] a2afca834be8506a95112da9d22fbe5f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB Device +++++
--- User ---
[MBR] df081d9a1a15e9794af3ae9dd810c3b2
[bSP] 6ee11b1e7170ff717321933bbf854c24 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1701998624 | Size: 795662 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo
2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo
3 - [XXXXXX] BTWIZ (0xbb) [HIDDEN!] Offset (sectors): 3910009470 | Size: 31 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

Abgeschlossen : << RKreport[0]_S_01042014_200914.txt >>



 


Ok,

 

Let's do an online scan!

 

 

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.

Hello,

 

Hi CarlosTurco,

 

I just wanted to let you know that the online scan is still running. It is at 81% after 12h30; I hope this is normal. I will post the list as soon as it is completed.

 

cheers

 

Yes, depends on the amount of files to be analyzed.


Hi CarlosTurco,

 

Please find attached the list of threats.

 

C:\Users\KB_2\Downloads\installer.exe    Win32/InstallCore.DY application    cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\MyPhoneExplorer_Setup_1.8.4.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\PDFXVwer207.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\KB_2\Downloads\winamp565_full_emusic-7plus_all.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
F:\Eigene Dateien\Setup\cdbxp_setup_4.3.8.2560.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
F:\KB-PC\Backup Set 2013-02-02 171256\Backup Files 2013-02-02 171256\Backup files 3.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\KB-PC\Backup Set 2013-02-11 090036\Backup Files 2013-02-11 090036\Backup files 3.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\KB-PC\Backup Set 2013-04-15 082952\Backup Files 2013-04-15 082952\Backup files 3.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\KB-PC\Backup Set 2013-06-16 190001\Backup Files 2013-06-16 190001\Backup files 4.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\KB-PC\Backup Set 2013-06-16 190001\Backup Files 2013-08-26 085200\Backup files 2.zip    multiple threats    deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-10-20 190004\Backup files 5.zip    multiple threats    deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-10-27 214101\Backup files 1.zip    Win32/InstallCore.DY application    deleted - quarantined
F:\KB-PC\Backup Set 2013-10-20 190004\Backup Files 2013-11-04 085551\Backup files 1.zip    Win32/OpenCandy application    deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 5.zip    Win32/InstallCore.DY application    deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 6.zip    multiple threats    deleted - quarantined
F:\KB-PC\Backup Set 2013-11-11 073124\Backup Files 2013-11-11 073124\Backup files 9.zip    Win32/OpenCandy application    deleted - quarantined
 


CarlosTurco,

 

Unfortunately, I still receive a warning about a possible rootkit infection at the end of the DDS file.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.01.2013 16:33:56
System Uptime: 04.01.2014 22:51:57 (20 hours ago)
.
Motherboard: LENOVO |  | 2786W3C
Processor: Intel® Core2 Duo CPU     T6670  @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 69,605 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 256,136 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 931 GiB total, 314,248 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1003\575836314132314135373034&1
Service:
.
==== System Restore Points ===================
.
RP179: 20.12.2013 09:16:56 - Windows Update
RP181: 21.12.2013 08:17:18 - avast! antivirus system restore point
RP182: 21.12.2013 08:20:02 - Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
RP183: 23.12.2013 09:32:29 - Windows-Sicherung
RP184: 24.12.2013 09:22:35 - Windows Update
RP185: 27.12.2013 09:34:02 - Windows Update
RP186: 02.01.2014 07:53:28 - Windows Update
RP187: 02.01.2014 07:57:03 - Windows-Sicherung
RP188: 04.01.2014 19:09:55 - zoek.exe restore point
.
==== Installed Programs ======================
.
7-Zip 9.20
Access Help
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon Cloud Player
Amazon MP3-Downloader 1.0.18
Anzeige am Bildschirm
ATI Catalyst Install Manager
ATI Uninstaller
avast! Internet Security
BankID Security Application
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citavi
Civilization III Complete Edition
Civilization III v1.29f
Comprehensive Meta Analysis Version 2
Conexant 20561 SmartAudio HD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dienstprogramm "ThinkPad UltraNav"
Energie-Manager
ESET Online Scanner v3
FortiClient SSLVPN v4.0.2148
Google Chrome
Google Update Helper
GPS TrackMaker
Integrated Camera
Intel PROSet Wireless
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
Intel® PROSet/Wireless WiFi-Software
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
IsoSource
Java 7 Update 45
Java Auto Updater
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo System Update
Malwarebytes Anti-Malware Version 1.75.0.1300
Map of Europe
Media Go
Media Go Video Playback Engine 1.116.107.02030
Mendeley Desktop 1.8.3
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Language Pack 2010 - German/Deutsch
Microsoft Office O MUI (German) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (German) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 26.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.3 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
PASSaGE 2
PDF Settings CS5
PlayStation®Store
PRIMER 6
ProCite 5
PX Profile Update
Python 2.7 scipy-0.11.0
Python 2.7.3
QGIS Dufour 2.0.1 Dufour
R for Windows 2.15.2
R for Windows 2.15.3
R for Windows 3.0.2
Rescue and Recovery
RnR Sysprep Patch
SAM
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition
SigmaPlot 10.0.1
Skype™ 6.1
Sony Ericsson Update Engine
Sony PC Companion 2.10.181
STATISTICA 10.0.1011.4
STATISTICA 6
STATISTICA Version Manager
STATNOVAPDF (novaPDF 7.4 printer)
SyncBackFree
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad UltraNav Driver
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
ThinkVantage Communications Utility
ThinkVantage System für aktiven Festplattenschutz
TumblRipper
Uninstall N_AShell v 1.0
Uninstall SADIEShell v 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.8
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
WinRAR 4.20 (32-Bit)
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by KB at 18:36:31 on 2014-01-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2520.935 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\StatSoft\STATISTICA Version Manager\rgSTr.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\KB_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Users\KB_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Users\KB\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
uRun: [Amazon Cloud Player] "c:\users\kb\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [AmazonMP3DownloaderHelper] c:\users\kb\appdata\local\program files\amazon\mp3 downloader\AmazonMP3DownloaderHelper.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8} : DHCPNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\354756E637F6666616 : DHCPNameServer = 195.67.199.39 195.67.199.40
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\64259445A51224F687 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\7596C6C656D63786F6566756 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\75C414E4D2030323436454147344447363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\A55424 : DHCPNameServer = 192.168.201.1
TCP: Interfaces\{25445451-E335-4ADB-8698-95422E3566B8}\E494F4F4D2751474 : DHCPNameServer = 10.128.20.45 10.128.20.44
TCP: Interfaces\{E9623EF3-A578-421D-8916-7B22E88C7338} : DHCPNameServer = 130.235.63.228 130.235.63.232
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kb\appdata\roaming\mozilla\firefox\profiles\pqsrjkp4.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\kb\appdata\local\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-15 180248]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-1-12 25416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2012-9-6 20328]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-12 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2013-3-15 264560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-12 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-12 410528]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-1-12 13680]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-1-12 176128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-12 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-21 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-21 113704]
R2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2011-10-14 830056]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2013-1-12 43584]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2013-1-12 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2013-1-12 127336]
R2 STATISTICA Version Manager;STATISTICA Version Manager;c:\program files\statsoft\statistica version manager\rgSTr.exe [2013-11-19 18944]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2013-1-12 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2013-1-12 142696]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-6-25 2759984]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-21 64168]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-30 969192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2013-1-12 223960]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2013-1-12 9037312]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-5-11 88832]
R3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-1-23 7523840]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2013-1-12 1666112]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-1-12 38200]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2011-5-30 37432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2013-1-12 101736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2013-1-12 45736]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-1-12 280640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-6-29 12400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2013-1-12 1665088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-12 14848]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-6-29 155824]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-12 49664]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-12 1343400]
.
=============== Created Last 30 ================
.
2014-01-04 19:31:24    --------    d-----w-    c:\program files\ESET
2014-01-04 18:36:32    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-04 18:26:48    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-01-04 18:26:43    --------    d-----w-    c:\users\kb\appdata\local\Temp
2014-01-04 18:08:16    --------    d-----w-    C:\zoek_backup
2014-01-04 18:01:27    --------    d-----w-    c:\users\kb\appdata\local\Macromedia
2014-01-04 18:00:43    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{da71ea00-3c98-48d6-847e-31a3f614603c}\offreg.dll
2014-01-04 17:52:56    --------    d-----w-    c:\windows\ERUNT
2014-01-04 17:42:45    --------    d-----w-    C:\AdwCleaner
2014-01-03 06:32:38    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{da71ea00-3c98-48d6-847e-31a3f614603c}\mpengine.dll
2014-01-02 16:51:46    --------    d-----w-    c:\users\kb\appdata\roaming\Malwarebytes
2014-01-02 16:51:34    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-02 16:51:31    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-02 16:51:31    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-21 07:19:49    64168    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2013-12-19 17:04:07    --------    d-----w-    c:\users\kb\appdata\local\Program Files
2013-12-19 16:41:29    --------    d-----w-    c:\users\kb\appdata\local\Amazon Cloud Player
2013-12-19 11:08:55    --------    d-----w-    c:\program files\QGIS Dufour
2013-12-12 00:37:15    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 00:37:14    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2013-12-11 13:14:23    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 13:14:22    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 13:14:21    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 13:14:21    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 13:14:21    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 13:14:21    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 13:14:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 13:14:18    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 13:14:15    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 13:14:15    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 13:14:15    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
.
==================== Find3M  ====================
.
2014-01-04 19:08:59    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys.bak
2014-01-04 19:07:59    86608    ----a-w-    c:\windows\system32\drivers\arcsas.sys.bak
2013-12-21 07:19:29    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-21 07:19:29    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-21 07:19:29    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-21 07:19:29    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-21 07:19:16    264560    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2013-12-15 10:30:38    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 10:30:38    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:36:39    204    ----a-w-    c:\windows\system32\yqge91v.dll
2013-12-11 16:36:39    100    ----a-w-    c:\windows\system32\prsgrc.dll
2013-11-26 09:23:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 02:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-24 07:00:05    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-24 07:00:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-24 06:59:51    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-10-14 17:41:58    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-10-14 17:41:58    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 05:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82E55000]<< >>UNKNOWN [0x8A5CF000]<< >>UNKNOWN [0x8A5BE000]<< >>UNKNOWN [0x89EAF000]<< >>UNKNOWN [0x82E1E000]<< >>UNKNOWN [0x8A014000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82E8BBBA] -> \Device\Harddisk0\DR0[0x86944350]
\Driver\Disk[0x86943238] -> IRP_MJ_CREATE -> 0x8A5D339F
3 [0x8A5D359E] -> ntkrnlpa!IofCallDriver[0x82E8BBBA] -> [0x85F0A3A8]
\Driver\ACPI[0x85198C60] -> IRP_MJ_CREATE -> 0x89EB84CC
5 [0x89EB83D4] -> ntkrnlpa!IofCallDriver[0x82E8BBBA] -> \Device\Ide\IAAStorageDevice-1[0x85F69028]
\Driver\iaStor[0x85EF88F0] -> IRP_MJ_CREATE -> 0x8A058954
kernel: MBR read successfully
_asm { JMP 0x10;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:37:33,05 ===============
 


Ok,

 

Let's check...

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I cannot manage to post the whole report as it is too long, but the final section is

 

19:44:26.0656 0x180c  Scan finished
19:44:26.0656 0x180c  ============================================================
19:44:26.0656 0x1444  Detected object count: 0
19:44:26.0656 0x1444  Actual detected object count: 0
19:44:29.0620 0x045c  Deinitialize success
 


leucorchestris,

 

TDSSKiller is all right with your MBR. We can confirm this in the RogueKiller log.

 

Let's check the security programs.

 

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!

CarlosTurco,

 

This is the content of checkup.txt:

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.170  
 Mozilla Firefox (26.0)
 Mozilla Thunderbird (17.0.3)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

 

Thanks again for your help


Okay,

 

To finish.

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder unless you want to keep it....

 

Let me know if there are any remaining issues or concerns....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingc...s/#entry2316629


Thanks CarlosTurco,

 

I ran Delfix. To check if there are any remaining issues I used a quick scan in Malwarebytes and this time it came up with a

 

PUM:Hijack.StartMenu

 

warning. This warning was not present on the initial, complete scan a few days ago. What should I do?

 

cheers


Hi,

 

No, I did not download anything. The log is:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.03

Windows 7 Service Pack 1 x86 FAT
Internet Explorer 11.0.9600.16476
KB_2 :: KB-PC [limited]

06.01.2014 17:26:23
MBAM-log-2014-01-06 (18-20-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174370
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


The last log I posted was from running Malwarebytes under my user account. If I run Malwarebytes as administrator, Malware.Trace is still present. This is the log file as administrator:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
KB :: KB-PC [Administrator]

06.01.2014 20:34:07
MBAM-log-2014-01-06 (20-45-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233366
Laufzeit: 8 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
 


Sorry CarlosTurco, here is the last log file in English:

 

alwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
KB :: KB-PC [administrator]

06.01.2014 20:49:02
MBAM-log-2014-01-06 (20-57-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233399
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

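The two registry findings in the logs above can be re-checked without the scanner. The following PowerShell script is an added example, not code from this thread or from Malwarebytes: it reads the DisallowCpl policy list and the Start_ShowMyComputer setting under HKCU and reports what it finds without changing anything, since a hidden Control Panel applet can also be a deliberate administrative setting that someone should review before it is removed. The key and value names are the ones in the logs; the function name Get-ExplorerPolicyFindings and the "Expected" column are assumptions of this example.

```powershell
function Get-ExplorerPolicyFindings {
    $findings = @()

    # 1) Hidden Control Panel applets: each value under DisallowCpl names an applet
    #    Explorer hides. The log above shows "1" = "@biocpl.dll,-1" (Malware.Trace).
    $cplKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl'
    if (Test-Path -Path $cplKey) {
        $key = Get-Item -Path $cplKey
        foreach ($name in $key.GetValueNames()) {
            $findings += [pscustomobject]@{
                Location = "$cplKey|$name"
                Current  = [string]$key.GetValue($name)
                Expected = '(value absent)'
                Note     = 'Control Panel applet hidden by per-user policy'
            }
        }
        # The list only takes effect when the parent Explorer key has DisallowCpl = 1
        $parentKey = Split-Path -Path $cplKey -Parent
        $parent = Get-ItemProperty -Path $parentKey -ErrorAction SilentlyContinue
        if ($parent -and $parent.PSObject.Properties['DisallowCpl']) {
            $findings += [pscustomobject]@{
                Location = "$parentKey|DisallowCpl"
                Current  = [string]$parent.DisallowCpl
                Expected = '(value absent)'
                Note     = 'Switch that activates the DisallowCpl list'
            }
        }
    }

    # 2) Start menu setting: the log reports Start_ShowMyComputer Bad: (0) Good: (1).
    $advKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $adv = Get-ItemProperty -Path $advKey -ErrorAction SilentlyContinue
    if ($adv -and $adv.PSObject.Properties['Start_ShowMyComputer'] -and
        $adv.Start_ShowMyComputer -ne 1) {
        $findings += [pscustomobject]@{
            Location = "$advKey|Start_ShowMyComputer"
            Current  = [string]$adv.Start_ShowMyComputer
            Expected = '1'
            Note     = 'Computer entry hidden from the Start menu (PUM.Hijack.StartMenu)'
        }
    }
    return $findings
}

# Report only; nothing is modified. Run in the account whose scan raised the finding.
$results = @(Get-ExplorerPolicyFindings)
if ($results.Count -eq 0) { Write-Output 'No findings in the checked Explorer keys.' }
else { $results | Format-Table -AutoSize -Wrap }
```

Because both keys live under HKCU, the output differs between the limited account and the administrator account, which matches the two logs above where only the administrator scan showed the DisallowCpl entry.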
