Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?

BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?


Log-Analyse und Auswertung: BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 02.08.2012, 13:35   #1
threeColors
 
BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? - Standard

BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?


Hi,

ich hatte letzte Woche plötzlich einen Sperrbildschirm vom BKA - habe von botfrei die DE-Scanner von Avira und Kapersky laufen lassen, beide haben je eine Datei gefunden (eine in Windows\Temp mit TU am Anfang, eine in einem Ordner namens 4849 unterhalb von Appdata\Roaming).
Habe danach mit Malwarebyte gescannt und es wurde nichts gefunden.

Jetzt frage ich mich: Ist alles wieder gut?
Oder muß ich noch etwas tun .. oder hat sich da vielleicht auch noch ein rootkit installiert? Ich frage mich das weil es bei mir einen Ordner hellomoto gibt, genau wie in dem Post nicht gelisteter Trojaner wo drin steht auf dem Rechner des Posters sei ein Rootkit.

Danke für jede Hilfe!

Viele Grüße,
R.

Code:
ATTFilter
OTL logfile created on: 01.08.2012 13:46:35 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,75 Mb Total Physical Memory | 122,23 Mb Available Physical Memory | 12,06% Memory free
2,24 Gb Paging File | 0,49 Gb Available in Paging File | 21,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,46 Gb Total Space | 1,40 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 11:41:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.11 22:55:40 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.11 22:55:34 | 001,209,952 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012.07.11 22:55:33 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.06.13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.06.13 03:48:04 | 000,990,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgscanx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.11.28 22:01:39 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.04 07:28:48 | 000,035,616 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4servinst.exe
PRC - [2008.03.04 07:28:44 | 000,092,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.03.09 15:24:04 | 000,124,464 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.03.09 15:23:36 | 000,120,368 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.03.09 15:23:18 | 000,419,376 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.03.09 15:23:08 | 000,194,096 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.03.09 15:23:02 | 000,083,504 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.02.06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.17 20:01:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2006.12.15 17:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2006.12.14 00:13:02 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006.12.13 23:59:04 | 000,022,016 | ---- | M] () -- C:\Programme\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006.12.13 22:46:08 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.12.13 13:18:38 | 000,927,296 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006.12.13 12:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.11.20 07:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.15 17:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.11.15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.11.10 06:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.10.13 06:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006.10.13 06:08:56 | 000,055,928 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2006.02.24 01:38:22 | 001,138,688 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.bin
PRC - [2006.02.24 01:38:18 | 000,991,232 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.11 22:55:43 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.11 22:55:34 | 001,209,952 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012.07.11 22:55:33 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.01.31 19:01:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2007.01.17 20:01:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.01.17 20:01:00 | 000,071,216 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSP4I.DLL
MOD - [2007.01.17 20:01:00 | 000,063,024 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSPIF.DLL
MOD - [2006.12.19 19:01:00 | 000,120,368 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMIF32V.DLL
MOD - [2006.12.19 19:01:00 | 000,035,376 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2006.12.13 23:58:20 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2006.12.13 12:24:40 | 000,110,592 | ---- | M] () -- C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2006.11.28 19:30:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2006.11.10 06:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006.10.13 06:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
MOD - [2006.09.06 09:37:02 | 000,079,400 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPLHMM.dll
MOD - [2006.02.10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Programme\Sun\StarOffice 8\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2012.07.27 17:10:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.11 22:55:40 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.06.17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008.12.10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Programme\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008.03.04 07:28:48 | 000,035,616 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\TrackPoint\tp4servinst.exe -- (tp4serv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.03.09 15:23:08 | 000,194,096 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.03.09 15:23:02 | 000,083,504 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.02.06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.12.15 17:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006.12.14 00:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006.12.13 22:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.12.13 12:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.11.20 07:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.13 06:08:56 | 000,055,928 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\65230672.sys -- (65230672)
DRV - [2009.10.09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6523067.sys -- (setup_9.0.0.722_07.07.2012_12-34drv)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\65230671.sys -- (65230671)
DRV - [2007.10.15 20:29:28 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.12.19 19:01:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2006.12.14 05:32:08 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.09.13 13:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006.09.13 07:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2006.08.30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\..\SearchScopes,DefaultScope = {14E66683-C83B-4580-BD9E-569D4396E209}
IE - HKLM\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E6CB145B-555B-45EF-95B6-637E05292147}&mid=7652ab69105e30af62d5667de3c6d6bb-14a1cfcc2cd3033a734069eb5e436630d4c1a06f&lang=de&ds=AVG&pr=fr&d=2012-07-11 22:55:49&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 08:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.11 22:50:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 22:56:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.27 17:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.11 22:02:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009.11.18 20:23:47 | 000,000,000 | ---D | M]
 
[2009.11.27 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.27 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.07.30 23:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4dv4qp29.default\extensions
[2011.03.27 22:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4dv4qp29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.27 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.27 17:10:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.08.24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012.07.27 17:10:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.11 22:55:23 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.27 17:10:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.27 17:10:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.27 17:10:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.27 17:10:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.27 17:10:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe (Lenovo)
O4 - HKLM..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe (Lenovo)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk = C:\Users\***\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe ()
O7 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..Trusted Domains: xing.com ([www] https in Trusted sites)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=1204124616 (Image Uploader Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} hxxp://cid-a4a0c25285dc5c20.spaces.live.com/PhotoUpload/VistaMsnPUpldde-de.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8440AC40-B18B-4481-B99B-43740385BC96}: NameServer = 195.50.140.118 195.50.140.180
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 11:41:07 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.31 07:34:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.31 07:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 07:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 07:33:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 07:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 23:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.30 23:20:12 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65230672.sys
[2012.07.30 23:20:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65230671.sys
[2012.07.30 23:20:10 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6523067.sys
[2012.07.30 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DE-Cleaner powered by Kaspersky
[2012.07.30 22:54:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.30 22:23:03 | 000,000,000 | ---D | C] -- C:\J
[2012.07.30 22:15:05 | 000,000,000 | ---D | C] -- C:\I
[2012.07.30 15:26:22 | 000,000,000 | ---D | C] -- C:\H
[2012.07.30 14:24:32 | 000,000,000 | ---D | C] -- C:\G
[2012.07.30 14:20:07 | 000,000,000 | ---D | C] -- C:\F
[2012.07.30 14:17:19 | 000,000,000 | ---D | C] -- C:\E
[2012.07.30 14:05:34 | 000,000,000 | ---D | C] -- C:\D
[2012.07.30 13:42:30 | 000,000,000 | ---D | C] -- C:\C
[2012.07.30 13:31:18 | 000,000,000 | ---D | C] -- C:\B
[2012.07.28 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.07.27 17:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.27 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.24 13:55:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\von_bp
[2012.07.17 08:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.11 22:56:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search
[2012.07.11 22:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.11 22:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.11 22:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.11 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.07.11 22:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 15:01:03 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:01:03 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 13:12:54 | 102,697,338 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.08.01 13:00:14 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.08.01 13:00:13 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.08.01 12:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 11:41:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.31 07:34:11 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 23:56:52 | 000,646,466 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.30 23:56:51 | 000,690,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.30 23:56:51 | 000,123,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 23:56:50 | 000,151,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.30 23:23:08 | 000,002,329 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk
[2012.07.30 22:54:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.30 22:51:53 | 138,252,688 | ---- | M] (                                                            ) -- C:\Users\***\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe
[2012.07.30 22:28:54 | 000,000,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\503599849
[2012.07.30 20:00:07 | 000,000,714 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.07.30 17:18:46 | 000,001,876 | ---- | M] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.30 17:18:46 | 000,001,805 | ---- | M] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2012.07.30 17:03:17 | 000,883,840 | ---- | M] () -- C:\Users\***\Desktop\Avira-DE-Cleaner.exe
[2012.07.27 18:56:25 | 004,919,784 | ---- | M] () -- C:\Users\***\Desktop\wordpress-3.4.1.zip
[2012.07.25 17:44:42 | 000,032,538 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.31 07:34:11 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 23:23:08 | 000,002,329 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk
[2012.07.30 22:51:25 | 138,252,688 | ---- | C] (                                                            ) -- C:\Users\***\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe
[2012.07.30 22:28:54 | 000,000,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\503599849
[2012.07.30 17:18:46 | 000,001,876 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.30 17:18:46 | 000,001,805 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2012.07.30 17:03:01 | 000,883,840 | ---- | C] () -- C:\Users\***\Desktop\Avira-DE-Cleaner.exe
[2012.07.27 18:56:05 | 004,919,784 | ---- | C] () -- C:\Users\***\Desktop\wordpress-3.4.1.zip
[2008.02.27 19:41:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.09 15:13:48 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.09 14:30:08 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.07.11 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2010.03.06 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG9
[2012.07.24 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoreFTP
[2009.09.28 16:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.11.27 23:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2012.07.28 07:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2008.04.19 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.08.01 13:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2012.08.01 08:14:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

 

Themen zu BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?
avg secure search, avg security toolbar, avira, bho, bingbar, bonjour, cid, entfernen, firefox, format, frage, ftp, kaspersky, lenovo, logfile, monitor, mozilla, object, plug-in, registry, rootkit, scan, secure search, security, server, software, sperrbildschirm, symantec, trojaner, vista, vtoolbarupdater, windows


« GVU Trojaner (mit Cam), ebenfalls nur ein Benutzerkonto betroffen (ein nicht Adminkonto) | Live Security Premium eingefangen »


Ähnliche Themen: BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?


  1. Viren/Trojaner/Warnungen Ist mit meinem Laptop alles in Ordnung?
    Log-Analyse und Auswertung - 07.11.2011 (1)
  2. Schadsoftware HDD-Repair entdeckt und entfernt, jetzt alles wieder gut?
    Log-Analyse und Auswertung - 31.08.2011 (5)
  3. Trojan.Dropper.PGen gefunden und mit MBAM entfernt, jetzt alles sauber?
    Log-Analyse und Auswertung - 17.11.2010 (6)
  4. av security suite, gelöscht nach anleitung, jetzt alles in ordnung ?
    Log-Analyse und Auswertung - 30.08.2010 (3)
  5. AV Security Suite nach Anleitung entfernt. Alles ok jetzt?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2010 (1)
  6. AV Security Suite nach Anleitung entfernt. Alles weg jetzt?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2010 (0)
  7. Malware gefunden und eliminiert: ist jetzt alles wieder in Ordnung?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (5)
  8. Ist alles in Ordnung?
    Log-Analyse und Auswertung - 03.02.2009 (0)
  9. Ist alles in ordnung?
    Log-Analyse und Auswertung - 09.05.2008 (2)
  10. Alles in Ordnung ??
    Log-Analyse und Auswertung - 03.04.2007 (4)
  11. alles in ordnung?
    Log-Analyse und Auswertung - 07.12.2006 (2)
  12. ist alles in ordnung???
    Mülltonne - 14.11.2006 (0)
  13. Alles in Ordnung?
    Mülltonne - 30.10.2006 (1)
  14. Trojaner gefunden und gelöscht - ist jetzt alles in ordnung ?!?
    Log-Analyse und Auswertung - 01.10.2006 (1)
  15. ???Alles in Ordnung???
    Log-Analyse und Auswertung - 07.04.2006 (4)
  16. Ist jetzt alles in Ordnung?
    Log-Analyse und Auswertung - 13.06.2005 (1)
  17. Virenscanner weg und alles voller Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 10.12.2004 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? - Hi, ich hatte letzte Woche plötzlich einen Sperrbildschirm vom BKA - habe von botfrei die DE-Scanner von Avira und Kapersky laufen lassen, beide haben je eine Datei gefunden (eine in - BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?...
Archiv
Du betrachtest: BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131