Various WIN.Trojan.Agent reports from ClamAV (Windows 7)
01.01.2013, 15:55 | #1
Hi, I checked my computer yesterday with Desinfect. Unfortunately a whole lot of viruses were reported. Bitdefender and Avira found nothing. Avira found the following (but that probably has no significance):

Code:
/Program Files/Atmel/AVR Tools/AVR Wireless Studio/8117.pdf
  Date: 07.07.2009  Time: 07:30:18  Size: 1634368
  WARNING: [Archive not completly scanned. Reason: maximum uncompressed size (1073741824) reached]
/Program Files/Atmel/AVR Tools/AVR Wireless Studio/8117.pdf

Code:
2013-01-01 02:16:20 Scan_Objects$0006 running 1%
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll detected not-a-virus:AdWare.Win32.Bromngr.b
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe skipped
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll skipped
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:16:21 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe skipped
2013-01-01 02:16:42 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll detected not-a-virus:AdWare.Win32.Bromngr.b
2013-01-01 02:16:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll skipped
2013-01-01 02:16:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:16:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe skipped
2013-01-01 02:16:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:16:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe skipped
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll detected not-a-virus:AdWare.Win32.Bromngr.b
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll skipped
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe skipped
2013-01-01 02:31:49 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe skipped
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll detected not-a-virus:AdWare.Win32.Bromngr.b
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.dll skipped
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/browsemngr.exe skipped
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe detected not-a-virus:AdWare.Win32.Bromngr.a
2013-01-01 02:42:43 /ProgramData/Browser Manager/2.3.796.11/{16cdff19-861d-48e3-a751-d99a27784753}/uninstall.exe skipped
2013-01-01 02:53:59 /poap/PDFX_Vwr_Port/Settings.dat//data0000 password protected
2013-01-01 03:21:03 Scan_Objects$0006 completed
; --- Statistics ---
; Time Start: 2013-01-01 02:15:37
; Time Finish: 2013-01-01 03:21:03
; Completion: 100%
; Processed objects: 215437
; Total detected: 12
; Detected exact: 12
; Suspicions: 0
; Treats detected: 12
; Untreated: 12
; Disinfected: 0
; Quarantined: 0
; Deleted: 0
; Skipped: 0
; Archived: 747
; Packed: 2268
; Password protected: 1
; Corrupted: 0
; Errors: 9
; Last object:
;
------------------

Code:
/Windows/System32/adprovider.dll: Win.Trojan.Agent-61735 FOUND
/Windows/System32/adsnt.dll: Win.Trojan.Agent-69677 FOUND
/Windows/winsxs/x86_microsoft-windows-a..es-interface-router_31bf3856ad364e35_6.1.7600.16385_none_57cc5ccbdfdcc2b8/activeds.dll: Win.Trojan.Agent-61623 FOUND
/Windows/winsxs/x86_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_3a78ef63c81010df/adsnt.dll: Win.Trojan.Agent-69677 FOUND
/Windows/winsxs/x86_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_6.1.7600.16385_none_1c03d2865c3d1ff4/adsldp.dll: Win.Trojan.Agent-61628 FOUND
/Windows/winsxs/x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_e31ea7cde7d54e21/advapi32.dll: Win.Trojan.Agent-69706 FOUND
/Windows/winsxs/x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573/adprovider.dll: Win.Trojan.Agent-61735 FOUND
/Windows/winsxs/x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7600.16385_none_e3538819c09b5ce4/ocsetup.exe: Win.Trojan.7617823 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d/tcpip.sys: WIN.Trojan.Agent-52272 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8/tcpip.sys: WIN.Trojan.Agent-46637 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5/tcpip.sys: WIN.Trojan.Agent-47229 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871/tcpip.sys: WIN.Trojan.Agent-50227 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0/tcpip.sys: WIN.Trojan.Agent-44570 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7/tcpip.sys: WIN.Trojan.Agent-47169 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532/tcpip.sys: WIN.Trojan.Agent-46575 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444/tcpip.sys: WIN.Trojan.Agent-46727 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104/tcpip.sys: WIN.Trojan.Agent-49336 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f/tcpip.sys: WIN.Trojan.Agent-47080 FOUND

Code:
17044 3 49664 2009-07-14 03:14 Windows/System32/adprovider.dll
17048 2 260608 2009-07-14 03:14 Windows/System32/adsnt.dll
17036 1 202752 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-a..es-interface-router_31bf3856ad364e35_6.1.7600.16385_none_57cc5ccbdfdcc2b8/activeds.dll
17048 2 260608 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_3a78ef63c81010df/adsnt.dll
17045 1 186880 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_6.1.7600.16385_none_1c03d2865c3d1ff4/adsldp.dll
17051 1 640000 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_e31ea7cde7d54e21/advapi32.dll
17044 3 49664 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573/adprovider.dll
18942 1 197632 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7600.16385_none_e3538819c09b5ce4/ocsetup.exe
68163 1 1286016 2011-04-25 06:56 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d/tcpip.sys
64187 1 1287024 2012-03-30 12:29 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8/tcpip.sys
68166 1 1298816 2011-04-25 06:44 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5/tcpip.sys
64194 1 1303408 2012-03-30 12:08 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871/tcpip.sys
68168 1 1290624 2011-04-25 06:31 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0/tcpip.sys
64191 1 1291632 2012-03-30 12:23 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7/tcpip.sys
29732 1 1292144 2012-08-22 19:16 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532/tcpip.sys
68167 1 1301376 2011-04-25 08:31 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444/tcpip.sys
64192 1 1306480 2012-03-30 11:04 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104/tcpip.sys
29734 1 1306992 2012-08-22 19:05 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f/tcpip.sys

https://www.virustotal.com/file/cf6111e3cbfdcd1aa76ae9cbfa3de520348874c891b69efe87583b8104e4c7c0/analysis/1357009380/
https://www.virustotal.com/file/39c9b08a0cf24977b0fea31d061164f32287c46333de819865fa8946b1733268/analysis/1357009565/
https://www.virustotal.com/file/c88608e9ab42093b225b6ef72f5e7a22706c07c3215372d810e6a9f60eeeb00d/analysis/1357009515/
https://www.virustotal.com/file/7a55ade75be6015b9f9b9384325e26ab9884b9f27dfef46590ef991bed2d8179/analysis/1357010105/
https://www.virustotal.com/file/f7d35915ab52a5411cf00ac031bce80a3806123d794ced6d11c0d2cd0b49bfa2/analysis/1357051499/

So is this malware or false positives? adprovider.dll sounds like adware. Why does only one virus scanner find these files? Remove the files or leave them? If remove, is it enough to delete them? For adprovider.dll, 3 links are listed, but the file appears only once. The machine normally runs under Win7, fully updated, with no virus infection so far; at the moment it is running under Desinfect until this is cleared up. I found nothing on the web; these reports seem to be quite new.
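The two ClamAV-related blocks in the post above (the FOUND lines and the listing) can be joined to answer one of the poster's questions: the same inode number appears under both System32 and a WinSxS component directory, so those paths are hard links to one file, which is what the "3 links" next to adprovider.dll means. The Python below is an added example for this thread, not the poster's or the helper's code; it assumes the listing columns are inode, hard-link count, size, date, time and path, and embeds six of the quoted lines as constructed sample input.

```python
"""Join ClamAV 'FOUND' lines with a file listing so that hits on hard-linked copies
of one file are counted once, then count how many flagged versions each file name has.
Added example for this thread, not the poster's or the helper's code. Assumption: the
listing columns are inode, hard-link count, size, date, time, path."""
import re
from collections import defaultdict

# Constructed sample input: six of the lines quoted in the post above, in both formats.
CLAMAV_OUTPUT = """\
/Windows/System32/adprovider.dll: Win.Trojan.Agent-61735 FOUND
/Windows/System32/adsnt.dll: Win.Trojan.Agent-69677 FOUND
/Windows/winsxs/x86_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_3a78ef63c81010df/adsnt.dll: Win.Trojan.Agent-69677 FOUND
/Windows/winsxs/x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573/adprovider.dll: Win.Trojan.Agent-61735 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d/tcpip.sys: WIN.Trojan.Agent-52272 FOUND
/Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8/tcpip.sys: WIN.Trojan.Agent-46637 FOUND
"""

FILE_LISTING = """\
17044 3 49664 2009-07-14 03:14 Windows/System32/adprovider.dll
17048 2 260608 2009-07-14 03:14 Windows/System32/adsnt.dll
17048 2 260608 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_3a78ef63c81010df/adsnt.dll
17044 3 49664 2009-07-14 03:14 Windows/winsxs/x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573/adprovider.dll
68163 1 1286016 2011-04-25 06:56 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d/tcpip.sys
64187 1 1287024 2012-03-30 12:29 Windows/winsxs/x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8/tcpip.sys
"""

CLAM_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
LIST_RE = re.compile(
    r"^(?P<inode>\d+)\s+(?P<links>\d+)\s+(?P<size>\d+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+(?P<path>.+)$"
)
# Component-store entries: Windows/winsxs/<arch>_<component>_<pubkey>_<version>_<lang>_<hash>/
WINSXS_RE = re.compile(r"^windows/winsxs/([^/]+)/", re.IGNORECASE)


def norm(path):
    """Make '/Windows/...' (ClamAV) and 'Windows/...' (listing) compare equal."""
    return path.lstrip("/")


def parse_clamav(text):
    """Return {path: signature} for every FOUND line; other output is ignored."""
    hits = {}
    for line in text.splitlines():
        m = CLAM_RE.match(line.strip())
        if m:
            hits[norm(m.group("path"))] = m.group("sig")
    return hits


def parse_listing(text):
    """Return {path: {inode, links, size, mtime}} for every listing line."""
    entries = {}
    for line in text.splitlines():
        m = LIST_RE.match(line.strip())
        if m:
            entries[norm(m.group("path"))] = {
                "inode": int(m.group("inode")),
                "links": int(m.group("links")),
                "size": int(m.group("size")),
                "mtime": m.group("date") + " " + m.group("time"),
            }
    return entries


def correlate(clam_text, listing_text):
    """Group hits by inode: one group is one file on disk, however many paths name it.
    A hit whose path is absent from the listing becomes a group of its own."""
    hits, entries = parse_clamav(clam_text), parse_listing(listing_text)
    groups = defaultdict(lambda: {"paths": [], "signatures": set(), "components": set()})
    for path, sig in hits.items():
        entry = entries.get(path)
        g = groups[entry["inode"] if entry else path]
        g["paths"].append(path)
        g["signatures"].add(sig)
        if entry:
            g.update(inode=entry["inode"], links=entry["links"],
                     size=entry["size"], mtime=entry["mtime"])
        m = WINSXS_RE.match(path)
        if m:
            g["components"].add(m.group(1))
    return sorted(groups.values(), key=lambda g: g["paths"][0])


def flagged_versions_per_name(groups):
    """{file name: number of distinct on-disk files flagged under that name}.
    Many side-by-side versions of one Microsoft binary, each hit by a differently
    numbered signature (tcpip.sys above), is worth checking before treating the
    detections as an infection."""
    counts = defaultdict(int)
    for g in groups:
        counts[g["paths"][0].rsplit("/", 1)[-1].lower()] += 1
    return dict(counts)


if __name__ == "__main__":
    result = correlate(CLAMAV_OUTPUT, FILE_LISTING)
    for g in result:
        print(f"inode={g.get('inode')} links={g.get('links')} sigs={sorted(g['signatures'])}")
        for p in g["paths"]:
            print("    " + p)
    print(flagged_versions_per_name(result))
```

Run stand-alone it prints one group per on-disk file (the two adprovider.dll paths collapse into one) followed by the per-name version count.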
02.01.2013, 18:13 | #2
/// TB-Ausbilder
My name is Matthias and I will help you clean up your computer. Please note the following:
Most of the reports (from Avira and ClamAV) are false positives. Kaspersky found adware, which we will now take care of. Do not clean anything yourself, as that only makes my work harder!

Step 1: Please download OTL by OldTimer and save it to your desktop (if not already there).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Step 2: Please download defogger by jpshortstuff to your desktop.

Step 3: Please download aswMBR.exe and save the file to your desktop.

Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know. Please post with your next reply
02.01.2013, 21:34 | #3
BabylonToolbar.dll was on there at one point; I deleted the directory. The entries are still there, I have seen.
I believe the toolbar and the Browser Manager were installed together with Java.

Code:
OTL logfile created on: 02.01.2013 19:36:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admyn\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,64% Memory free
3,99 Gb Paging File | 3,23 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): d:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,86 Gb Free Space | 4,39% Space Free | Partition Type: NTFS
Drive D: | 46,78 Gb Total Space | 14,76 Gb Free Space | 31,55% Space Free | Partition Type: NTFS

Computer Name: COMPY | User Name: Admyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.02 18:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admyn\Desktop\OTL.exe
PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.10.20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.24 12:35:46 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2011.01.24 12:35:46 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2011.01.24 12:35:46 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.30 12:01:30 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchk.exe
PRC - [2009.11.30 12:01:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe
PRC - [2009.11.30 12:01:12 | 001,458,176 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\UNS.exe
PRC - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2009.11.24 07:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.08.14 15:55:20 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011.01.24 12:35:58 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.01.24 12:35:46 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.11.30 12:01:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2009.11.30 12:01:12 | 001,458,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\apps\AshampooWinOptimizer 8\DfSdkS.exe -- (DfSdkS)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.07.15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

========== Driver Services (SafeList) ==========

DRV - [2012.12.19 11:59:15 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2012.10.10 23:00:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.14 16:13:26 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011.10.14 16:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.11.20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.04.08 23:11:06 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.09.02 12:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.07.01 18:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2007.08.14 15:46:36 | 000,010,896 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2006.11.27 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 13 7D F9 78 C1 CD 01 [binary data]
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.17 00:22:38 | 000,000,000 | ---D | M]

[2012.11.17 00:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: ([2012.12.31 06:25:51 | 000,000,880 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 niceleech.info
O1 - Hosts: 127.0.0.1 niceleech.info
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-760916294-433039999-1293612642-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DD4899F-B828-437A-B160-68D184E8B9E4}: NameServer = 10.11.11.11,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95D5B2E0-5345-45D8-836D-5A942405FF18}: NameServer = 10.11.11.11
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell - "" = AutoRun
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\AutoRun\command - "" = R:\aoesetup.exe
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\dxsetup\command - "" = R:\directx\dxsetup.exe
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\ie30\command - "" = R:\goodies\ie30295.exe
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\ie30nt\command - "" = R:\goodies\ie302nt.exe
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\msinfo\command - "" = R:\goodies\msinfo\msinfo32.exe
O33 - MountPoints2\{cfd618cc-1320-11e2-b34e-001d728c8d50}\Shell\setup\command - "" = R:\aoesetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.02 19:35:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admyn\Desktop\aswMBR.exe [2013.01.02 19:35:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admyn\Desktop\OTL.exe [2012.12.25 14:53:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.25 14:53:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.19 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\khazama.com [2012.12.19 12:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\khazama.com [2012.12.19 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs [2012.12.19 00:05:25 | 000,061,312 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabser.sys [2012.12.19 00:05:25 | 000,047,176 | ---- | C] (Silicon Laboratories) -- 
C:\Windows\System32\drivers\silabenm.sys [2012.12.18 20:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.18 20:29:09 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2012.12.18 20:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo [2012.12.18 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Local\Programs [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\WinRAR [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 20:13:59 | 000,000,000 | ---D | C] -- C:\aoos [2012.12.13 10:00:41 | 000,000,000 | ---D | C] -- C:\media [2012.12.12 19:27:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.12 19:27:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.12 19:27:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.12 19:27:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.12 19:27:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.12 19:27:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.12 19:27:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.12 19:27:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.12 19:26:18 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.12 19:26:18 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.12 19:26:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.12 19:26:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 19:26:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.12 19:26:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.12 19:26:12 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.12 19:26:11 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.08 19:41:35 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\MAGIX 
[2012.12.08 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Local\Xara
[2012.12.08 19:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 19:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.12.08 19:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 19:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.12.08 14:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Turbo Memory
[2012.12.08 14:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012.12.08 14:37:42 | 000,232,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaNvStor.sys
[2012.12.08 14:37:42 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\nvccoin.dll
[2012.12.08 14:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012.12.08 14:21:11 | 000,911,896 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\mesoludlg.exe
[2012.12.08 14:20:37 | 000,000,000 | ---D | C] -- C:\Intel
[2012.12.08 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software
[2012.12.08 14:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkVantage
[2012.12.08 14:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage Fingerprint Software
[2012.12.08 14:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
[2012.12.08 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012.12.08 14:18:12 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Local\Broadcom
[2012.12.08 14:18:12 | 000,000,000 | ---D | C] -- C:\Users\Admyn\Documents\Bluetooth-Exchange-Ordner
[2012.12.08 14:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2012.12.08 13:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2012.12.08 13:47:14 | 000,013,680 | ---- | C] (Lenovo Group Limited) -- C:\Windows\System32\drivers\smiif32.sys
[2012.12.08 13:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.12.08 13:32:05 | 000,045,736 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btusbflt.sys
[2012.12.08 13:32:03 | 000,000,000 | ---D | C] -- C:\syslenovo

========== Files - Modified Within 30 Days ==========

[2013.01.02 19:28:56 | 000,019,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 19:28:56 | 000,019,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 19:26:30 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.02 19:26:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.02 19:26:30 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.02 19:26:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.02 19:21:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 18:55:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admyn\Desktop\aswMBR.exe
[2013.01.02 18:54:06 | 000,050,477 | ---- | M] () -- C:\Users\Admyn\Desktop\Defogger.exe
[2013.01.02 18:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admyn\Desktop\OTL.exe
[2012.12.25 15:23:18 | 000,271,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.19 11:59:15 | 000,043,520 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2012.12.19 11:59:15 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2012.12.19 00:11:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2012.12.18 20:29:11 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk
[2012.12.18 20:29:10 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk
[2012.12.18 20:29:10 | 000,000,214 | ---- | M] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2012.12.18 03:14:35 | 000,007,649 | ---- | M] () -- C:\Users\Admyn\AppData\Local\Resmon.ResmonCfg
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.08 19:41:32 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.08 14:29:55 | 000,000,059 | ---- | M] () -- C:\Users\Admyn\Desktop\T61p_7763
[2012.12.08 14:17:26 | 000,000,890 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

========== Files Created - No Company Name ==========

[2013.01.02 19:35:07 | 000,050,477 | ---- | C] () -- C:\Users\Admyn\Desktop\Defogger.exe
[2012.12.19 00:11:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2012.12.18 20:29:11 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk
[2012.12.18 20:29:10 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk
[2012.12.18 20:29:10 | 000,000,214 | ---- | C] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2012.12.08 19:41:32 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.08 14:17:15 | 000,000,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.12.08 13:49:04 | 000,000,059 | ---- | C] () -- C:\Users\Admyn\Desktop\T61p_7763
[2012.11.29 10:56:22 | 000,284,587 | ---- | C] () -- C:\Users\Admyn\alf
[2012.11.22 09:47:34 | 000,007,649 | ---- | C] () -- C:\Users\Admyn\AppData\Local\Resmon.ResmonCfg
[2012.10.13 17:15:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.10.11 02:38:52 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.11 02:38:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.11 02:38:52 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.11 02:38:52 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.10.10 22:22:09 | 000,106,496 | ---- | C] () -- C:\Windows\stkbtnpn.dll
[2012.10.10 20:48:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012.10.10 19:40:59 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.10.10 21:27:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)

< >

< End of report >

Code:
OTL Extras logfile created on: 02.01.2013 19:36:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admyn\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,64% Memory free
3,99 Gb Paging File | 3,23 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): d:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,86 Gb Free Space | 4,39% Space Free | Partition Type: NTFS
Drive D: | 46,78 Gb Total Space | 14,76 Gb Free Space | 31,55% Space Free | Partition Type: NTFS

Computer Name: Compy | User Name: Admyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CA84A7-B09B-4BCA-8E56-06DFA9E1085E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{064BAA96-5543-4107-9C20-CC9210098353}" = rport=445 | protocol=6 | dir=out | app=system |
"{0CF12DB3-28F4-471D-BE9A-43012D29DB62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B1B996F-EF63-4D7F-811A-7C22495313AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21D02F44-2D63-4ADD-8D8F-4472A94415B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DD63FCC-35AB-44A4-8E44-C28820410BB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35304475-483F-4A3D-8764-F0E48EC7DCED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47B83475-A41D-4B66-AA85-771B968F2B0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A10E1CB-3625-4704-9D60-1DC6C7E029D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B9744CF-5280-4E77-95C3-F3006E0D51C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{51083359-1A58-411A-87E6-7112CF32CEA3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A14DAF3-DF5F-4161-ACC8-1677B41B632E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8A54D6F0-5236-48A6-934D-9609171244F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{8F8B695B-475A-4B79-8C8F-ADAC2C483876}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{96EA0378-32C1-4BEB-BAF3-31DA8D1D292C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96EE2700-0E34-44BE-819F-19DD5DAF1BD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B5B1C75-EE88-4FA4-AB91-CBBFFF4FC1C9}" = lport=445 | protocol=6 | dir=in | app=system |
"{B570C296-8E5C-469B-83BD-AACFA6360D61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B702DB95-1EE9-4539-AB0B-8B96304D524F}" = rport=139 | protocol=6 | dir=out | app=system |
"{D785F4EE-BF37-4BED-A11F-86A6D5470AA5}" = lport=137 | protocol=17 | dir=in | app=system |
"{F064ADA3-36CD-4915-ACF8-1760EDC337EA}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109CB723-6A57-4A1C-AB42-192629FBABE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AC2BEFB-1C60-4D85-8E31-7855B8403D2E}" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"{2CAFB67F-8FCE-4510-B919-63428D27B696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5035F7A6-F7AB-41A6-A5B5-B3243A721C9E}" = protocol=6 | dir=out | app=system |
"{766B31EF-D553-4AD6-9678-436E7E9CB8FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DFA7F53-6605-4A35-B9F0-14513E9201CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87A8C343-71D2-4B9F-80A7-2AB4D17F3797}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{92C57F69-CEA2-42A6-BDB8-CC8DB2D5AAAD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94C1D5AF-3491-4946-B06C-84D90182CBDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95347073-5E91-4D23-B884-29CC93DB3C19}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"{A442A7DB-B637-4EA7-BF24-61F679F7BD0B}" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"{B77D646D-A8A1-4289-B314-04FE6319F1E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCB2BED8-4DD4-4423-8E4C-D3011E5CB629}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"{C2B8C947-417C-418A-8A64-050C3B4FFC9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C423A97A-1B79-4811-B422-DF0D74486256}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAA9FFA2-89D8-4260-AA49-32A1A471285A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDD11FFF-9108-4450-A9CC-171442AB5983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1D67154-B409-4256-8B26-11A6597EC9AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E3BEE1B3-2902-4525-BA4B-CBD01CA001F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C014D6-E5B7-48CA-A3E0-97A53962E0DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1DE32722-A413-4ACC-B0C7-7C6C642740F6}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{80BCD18B-720D-45CE-A07B-1A21BFDFCB2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B186AB03-956C-4015-814F-4660824BE88E}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{B910BD3D-CD35-415E-9339-70BE6ED6AB31}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C555F161-E997-4458-948F-64A2CA5ACC7A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3220341D-698B-43A1-A7EE-07A1870A1EEA}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{345A250E-9E39-4229-9D4B-1250759F45DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{71E65F19-FE7C-4174-91EE-EEF1CBB930F1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{BCBDBC7E-3F2D-4A50-969C-0019B3626846}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{CF80E473-F3F1-4741-BC76-13B30C669D2E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26903C89-780A-463E-8CBD-E47A73927254}" = Treiber für ThinkPad-Tabletttasten
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{3A3B1409-609A-4CDC-8A60-08228B00F005}" = Khazama AVR Programmer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"5513-1208-7298-9440" = JDownloader 0.9
"Age of Empires" = Microsoft Age of Empires
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DAEMON Tools Lite" = DAEMON Tools Lite
"ELECTRA_is1" = ELECTRA 2.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Target 3001! V15 distrelec" = Target 3001! V15 distrelec
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"TVWiz" = Intel(R) TV Wizard
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.12.2012 12:23:44 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 25.12.2012 12:29:29 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 26.12.2012 19:12:09 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 26.12.2012 19:40:13 | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: btwapi.dll, version: 6.2.1.3100, time stamp: 0x4d3dd55c
Exception code: 0xc0000005
Fault offset: 0x0004df41
Faulting process id: 0xd1c
Faulting application start time: 0x01cde3be7e12a664
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Program Files\ThinkPad\Bluetooth Software\btwapi.dll
Report Id: 9765356f-4fb5-11e2-a0e9-001d728c8d50

Error - 28.12.2012 06:52:11 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 30.12.2012 09:39:36 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 30.12.2012 12:08:40 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 30.12.2012 12:22:25 | Computer Name = Compy | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 31.12.2012 01:27:21 | Computer Name = Compy | Source = Application Hang | ID = 1002
Description = Program i_view32.exe,
Version 4.3.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1100 Startzeit: 01cde717776f18b7 Endzeit: 34 Anwendungspfad: C:\apps\IrfanView\i_view32.exe Berichts-ID: bb872a72-530a-11e2-8fee-002268ef5a70 Error - 02.01.2013 14:21:53 | Computer Name = Compy | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver [ System Events ] Error - 30.12.2012 10:58:39 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht. Error - 30.12.2012 10:58:39 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error - 30.12.2012 10:59:09 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wuauserv erreicht. Error - 30.12.2012 10:59:39 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 30.12.2012 11:00:09 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VaultSvc erreicht. Error - 30.12.2012 11:00:39 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. 
Error - 30.12.2012 11:01:09 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wuauserv erreicht. Error - 30.12.2012 12:22:21 | Computer Name = Compy | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?12.?2012 um 17:20:16 unerwartet heruntergefahren. Error - 30.12.2012 15:20:23 | Computer Name = Compy | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 31.12.2012 05:27:48 | Computer Name = Compy | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. < End of report > Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:06 on 02/01/2013 (Admyn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-
Code:
Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000008e (0xc0000005, 0x00000200, 0xb73faa4c, 0x00000000). Ein volles Abbild wurde gespeichert
03.01.2013, 14:18 | #4 |
/// TB-Ausbilder | Hi, OK, then let's see that we get this junk off the computer again.

Step 1
Please download AdwCleaner to your desktop.

Step 2
Please close your protection software to avoid possible conflicts. Please download Junkware Removal Tool to your desktop.

Step 3
Scan with Combofix

Please post with your next reply
04.01.2013, 04:25 | #5 |
Hi Matthias, thanks a lot for your help. I think the logs already look good.

The entry "Error - 30.12.2012 12:22:21 | Computer Name = Compy | Source = EventLog | ID = 6008" probably comes from the USB. When I had the external drive plugged in, for the last 1-2 weeks it was occasionally not recognized, or it took forever. I think it was like that on that day too. I then shut the computer down and it took ages, 1-2 hours, until it turned off. Even though I always take care to "safely remove" it.

In my opinion the Browser Manager + Babylon Toolbar came with Java. The date/time was the same. Although I believe I took care to deselect it, it came along anyway.

AdwCleaner
Code:
ATTFilter # AdwCleaner v2.104 - Datei am 04/01/2013 um 02:21:13 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : Admyn - Compy # Bootmodus : Normal # Ausgeführt unter : C:\Users\Admyn\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Users\Admyn\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Admyn\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Admyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\Admyn\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll Schlüssel Gelöscht : HKCU\Software\5d53db88b43ee410 Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\5d53db88b43ee410 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert 
Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6834 octets] - [04/01/2013 02:17:37] AdwCleaner[S1].txt - [6516 octets] - [04/01/2013 02:21:13] ########## EOF - C:\AdwCleaner[S1].txt - [6576 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.7 (01.03.2013:1)
OS: Windows 7 Professional x86
Ran by Admyn on 04.01.2013 at 2:32:32,25
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2013 at 2:35:00,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Combofix Logfile:
Code:
ATTFilter ComboFix 13-01-03.05 - Admyn 04.01.2013 2:48.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3062.2344 [GMT 1:00] ausgeführt von:: c:\users\Admyn\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-04 bis 2013-01-04 )))))))))))))))))))))))))))))) . . 2013-01-04 01:52 . 2013-01-04 01:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-04 01:52 . 2013-01-04 01:52 -------- d-----w- c:\users\Buser\AppData\Local\temp 2013-01-04 01:32 . 2013-01-04 01:32 -------- d-----w- c:\windows\ERUNT 2013-01-04 01:32 . 2013-01-04 01:32 -------- d-----w- C:\JRT 2013-01-04 00:52 . 2013-01-04 00:52 -------- d-----w- C:\tst 2013-01-02 18:25 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9B8A3E9-376C-40B3-B545-59BB8087CEC5}\mpengine.dll 2012-12-25 13:53 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-25 13:53 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-19 11:03 . 2012-12-19 11:03 -------- d-----w- c:\program files\khazama.com 2012-12-18 23:11 . 2012-12-18 23:11 -------- d-----w- c:\program files\Silabs 2012-12-18 23:05 . 2012-12-18 23:05 -------- d-----w- c:\users\Buser\AppData\Roaming\InstallShield Installation Information 2012-12-18 23:05 . 2011-10-14 15:13 61312 ----a-w- c:\windows\system32\drivers\silabser.sys 2012-12-18 23:05 . 2011-10-14 15:13 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys 2012-12-18 19:29 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe 2012-12-18 19:29 . 2012-12-18 19:29 -------- d-----w- c:\programdata\Ashampoo 2012-12-18 19:28 . 2012-12-18 19:28 -------- d-----w- c:\users\Admyn\AppData\Local\Programs 2012-12-16 19:13 . 2012-12-16 19:13 -------- d-----w- C:\aoos 2012-12-13 09:00 . 
2012-12-14 19:51 -------- d-----w- C:\media 2012-12-12 18:26 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\users\Buser\AppData\Roaming\MAGIX 2012-12-08 18:41 . 2012-12-08 19:05 -------- d-----w- c:\users\Buser\AppData\Local\aaa 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\users\Admyn\AppData\Roaming\MAGIX 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\users\Admyn\AppData\Local\aaa 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\programdata\MAGIX 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\program files\Common Files\MAGIX Services 2012-12-08 18:41 . 2012-12-08 18:41 -------- d-----w- c:\program files\MSXML 4.0 2012-12-08 13:47 . 2012-12-08 13:47 -------- d-----w- c:\users\Buser\AppData\Local\Broadcom 2012-12-08 13:37 . 2009-07-01 17:05 232472 ----a-w- c:\windows\system32\drivers\iaNvStor.sys 2012-12-08 13:37 . 2009-07-01 17:01 172032 ----a-w- c:\windows\system32\nvccoin.dll 2012-12-08 13:37 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys 2012-12-08 13:21 . 2012-12-08 13:21 -------- d-----w- c:\program files\Common Files\postureAgent 2012-12-08 13:21 . 2009-11-30 11:02 911896 ----a-w- c:\windows\system32\mesoludlg.exe 2012-12-08 13:20 . 2012-12-08 13:20 -------- d-----w- C:\Intel 2012-12-08 13:18 . 2012-12-08 13:18 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software 2012-12-08 13:18 . 2012-12-08 13:38 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software 2012-12-08 13:18 . 2012-12-08 13:18 -------- d-----w- c:\programdata\UIB 2012-12-08 13:18 . 2012-12-08 13:18 -------- d-----w- c:\users\Admyn\AppData\Local\Broadcom 2012-12-08 13:17 . 2010-01-15 12:22 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys 2012-12-08 13:17 . 2010-01-15 12:22 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys 2012-12-08 13:17 . 
2010-01-15 12:22 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys 2012-12-08 13:17 . 2009-04-07 13:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys 2012-12-08 13:17 . 2012-12-08 13:17 -------- d-----w- c:\program files\ThinkPad 2012-12-08 12:47 . 2012-12-08 12:47 -------- d-----w- c:\program files\Common Files\Lenovo 2012-12-08 12:47 . 2010-09-07 13:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys 2012-12-08 12:32 . 2012-12-08 12:32 -------- d-----w- c:\program files\DIFX 2012-12-08 12:32 . 2010-04-08 22:11 45736 ----a-w- c:\windows\system32\drivers\btusbflt.sys 2012-12-08 12:32 . 2012-12-08 13:37 -------- d-----w- C:\syslenovo . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-19 10:59 . 2009-02-28 14:35 43520 ----a-w- c:\windows\system32\libusb0.dll 2012-12-19 10:59 . 2009-02-28 14:35 28672 ----a-w- c:\windows\system32\drivers\libusb0.sys 2012-11-16 23:21 . 2012-11-16 23:21 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-16 23:21 . 2012-11-16 23:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-16 23:21 . 2012-11-16 23:21 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-16 07:39 . 2012-12-05 14:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-13 16:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-10-10 22:00 . 2012-10-10 22:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-10-10 20:27 . 2012-10-10 20:27 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-10-10 20:27 . 2012-10-10 20:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-10-10 20:27 . 2012-10-10 20:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-10-10 20:27 . 2012-10-10 20:27 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-10-10 20:27 . 2012-10-10 20:27 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-10-10 20:27 . 
2012-10-10 20:27 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-10-10 20:27 . 2012-10-10 20:27 367104 ----a-w- c:\windows\system32\html.iec 2012-10-10 20:27 . 2012-10-10 20:27 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-10-10 20:27 . 2012-10-10 20:27 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-10-10 20:27 . 2012-10-10 20:27 161792 ----a-w- c:\windows\system32\msls31.dll 2012-10-10 20:27 . 2012-10-10 20:27 152064 ----a-w- c:\windows\system32\wextract.exe 2012-10-10 20:27 . 2012-10-10 20:27 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-10-10 20:27 . 2012-10-10 20:27 11776 ----a-w- c:\windows\system32\mshta.exe 2012-10-10 20:27 . 2012-10-10 20:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-10-10 20:27 . 2012-10-10 20:27 101888 ----a-w- c:\windows\system32\admparse.dll 2012-10-09 17:40 . 2012-11-14 05:13 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 05:13 193536 ----a-w- c:\windows\system32\dhcpcore6.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904] "atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-11-30 401408] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 14:54 89600 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . 
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] R3 DfSdkS;Defragmentation-Service;c:\apps\AshampooWinOptimizer 8\DfsdkS.exe [x] R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [x] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] S3 Tp4Track;PS/2 TrackPoint 
Driver;c:\windows\system32\DRIVERS\tp4track.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{2DD4899F-B828-437A-B160-68D184E8B9E4}: NameServer = x.x.x.x,8.8.8.8 TCP: Interfaces\{95D5B2E0-5345-45D8-836D-5A942405FF18}: NameServer = x.x.x.x . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(512) c:\windows\system32\psqlpwd.DLL c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll . - - - - - - - > 'Explorer.exe'(1296) c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll . Zeit der Fertigstellung: 2013-01-04 02:53:47 ComboFix-quarantined-files.txt 2013-01-04 01:53 . Vor Suchlauf: 1.333.862.400 Bytes frei Nach Suchlauf: 1.468.010.496 Bytes frei . 
- - End Of File - - D76751D6406B9C33F98387F862DF7D56
There were no problems with the registry key. Everything ran through without any problems.
04.01.2013, 12:36 | #6 |
/// TB-Ausbilder | Hi, yes, that looks good so far. We'll take another, deeper look into the system; we want to make sure there isn't still something on your computer.

Step 1
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.

Step 2
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on your desktop.
Download Mirror #1 - Download Mirror #2

Are there still problems with Browser Manager or other malware? If so, in which browser?
Please post with your next reply
07.01.2013, 17:01 | #7 |
/// TB-Ausbilder | Missing reply
This topic has been removed from my subscriptions, so I no longer receive notifications of new replies. PM me if you still want to continue.
Note: the disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread!
09.01.2013, 13:08 | #8 |
> Are there still problems with Browser Manager or other malware? If so, in which browser?

I haven't really noticed any direct problems. I use Chrome portable.

OTL.txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 08.01.2013 01:42:54 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admyn\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,57% Memory free 3,99 Gb Paging File | 3,12 Gb Available in Paging File | 78,15% Paging File free Paging file location(s): d:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 1,93 Gb Free Space | 9,86% Space Free | Partition Type: NTFS Drive D: | 46,78 Gb Total Space | 14,75 Gb Free Space | 31,54% Space Free | Partition Type: NTFS Computer Name: Compy | User Name: Admyn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.02 18:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admyn\Desktop\OTL.exe PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.10.20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.07.12 16:54:02 | 000,127,336 | ---- 
| M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.24 12:35:46 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe PRC - [2011.01.24 12:35:46 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2011.01.24 12:35:46 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe PRC - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.11.30 12:01:30 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchk.exe PRC - [2009.11.30 12:01:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe PRC - [2009.11.30 12:01:12 | 001,458,176 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\UNS.exe PRC - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2009.11.24 07:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- 
C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.08.14 15:55:20 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe ========== Modules (No Company Name) ========== MOD - [2013.01.08 01:33:58 | 000,155,648 | ---- | M] () -- C:\Windows\Downloaded Program Files\DVM_IPCam2.ocx MOD - [2011.01.24 12:35:58 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ========== Services (SafeList) ========== SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.01.24 12:35:46 | 000,628,000 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.11.30 12:01:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv) SRV - [2009.11.30 12:01:12 | 001,458,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS) SRV - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\apps\AshampooWinOptimizer 8\DfSdkS.exe -- (DfSdkS) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.07.15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admyn\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.12.19 11:59:15 | 000,028,672 | ---- | M] 
(hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2012.10.10 23:00:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011.10.14 16:13:26 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2011.10.14 16:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2010.11.20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group 
Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.04.08 23:11:06 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009.09.02 12:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009.07.01 18:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2007.08.14 15:46:36 | 000,010,896 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) DRV - [2006.11.27 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 13 7D F9 78 C1 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
[2012.11.17 00:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2012.12.31 06:25:51 | 000,000,880 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 me O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://x.x.x.x/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DD4899F-B828-437A-B160-68D184E8B9E4}: NameServer = x.x.x.x,8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95D5B2E0-5345-45D8-836D-5A942405FF18}: NameServer = x.x.x.x O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 00:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPCamClient Manage Software [2013.01.08 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2013.01.04 12:14:17 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2013.01.04 12:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Camera [2013.01.04 02:53:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.04 02:46:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.04 02:46:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.04 02:46:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.04 02:46:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.04 02:46:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.04 02:46:22 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\Admyn\Desktop\ComboFix.exe [2013.01.04 02:32:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.04 02:32:01 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.04 02:12:59 | 000,000,000 | ---D | C] -- C:\Users\Admyn\Desktop\antivir [2013.01.04 01:52:01 | 000,000,000 | ---D | C] -- C:\tst [2013.01.02 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\Admyn\Desktop\Neuer Ordner [2013.01.02 19:35:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- 
C:\Users\Admyn\Desktop\OTL.exe [2012.12.19 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\khazama.com [2012.12.19 12:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\khazama.com [2012.12.19 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs [2012.12.19 00:05:25 | 000,061,312 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabser.sys [2012.12.19 00:05:25 | 000,047,176 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabenm.sys [2012.12.18 20:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.18 20:29:09 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2012.12.18 20:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo [2012.12.18 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Local\Programs [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\WinRAR [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 20:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 20:13:59 | 000,000,000 | ---D | C] -- C:\aoos [2012.12.13 10:00:41 | 000,000,000 | ---D | C] -- C:\media ========== Files - Modified Within 30 Days ========== [2013.01.08 01:45:24 | 007,179,776 | ---- | M] () -- C:\Users\Public\Documents\Black_20130108014459.Avi [2013.01.08 01:37:22 | 004,227,584 | ---- | M] () -- C:\Users\Public\Documents\Black_20130108013707.Avi [2013.01.08 01:07:20 | 000,019,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 01:07:20 | 000,019,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 01:05:50 | 000,654,166 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2013.01.08 01:05:50 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.08 01:05:50 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.08 01:05:50 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.08 01:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 00:52:14 | 000,001,423 | ---- | M] () -- C:\Users\Public\Desktop\IPCamClient.lnk [2013.01.08 00:52:14 | 000,001,403 | ---- | M] () -- C:\Users\Public\Desktop\RecFPlayer.lnk [2013.01.04 12:14:17 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk [2013.01.04 02:41:24 | 005,018,515 | R--- | M] (Swearware) -- C:\Users\Admyn\Desktop\ComboFix.exe [2013.01.02 21:06:57 | 000,000,156 | ---- | M] () -- C:\Users\Admyn\defogger_reenable [2013.01.02 20:17:48 | 000,019,923 | ---- | M] () -- C:\Users\Admyn\Desktop\OTL.zip [2013.01.02 18:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admyn\Desktop\OTL.exe [2012.12.25 15:23:18 | 000,271,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.19 11:59:15 | 000,043,520 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll [2012.12.19 11:59:15 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys [2012.12.19 00:11:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf [2012.12.18 20:29:11 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk [2012.12.18 20:29:10 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk [2012.12.18 03:14:35 | 000,007,649 | ---- | M] () -- C:\Users\Admyn\AppData\Local\Resmon.ResmonCfg ========== Files Created - No Company Name ========== [2013.01.08 01:44:59 | 007,179,776 | ---- | C] () -- C:\Users\Public\Documents\Black_20130108014459.Avi [2013.01.08 01:37:07 | 004,227,584 | ---- | C] () -- 
C:\Users\Public\Documents\Black_20130108013707.Avi [2013.01.08 00:52:14 | 000,001,423 | ---- | C] () -- C:\Users\Public\Desktop\IPCamClient.lnk [2013.01.08 00:52:14 | 000,001,403 | ---- | C] () -- C:\Users\Public\Desktop\RecFPlayer.lnk [2013.01.04 12:14:17 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk [2013.01.04 02:46:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.04 02:46:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.04 02:46:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.04 02:46:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.04 02:46:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.02 21:06:56 | 000,000,156 | ---- | C] () -- C:\Users\Admyn\defogger_reenable [2013.01.02 20:17:48 | 000,019,923 | ---- | C] () -- C:\Users\Admyn\Desktop\OTL.zip [2012.12.19 00:11:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf [2012.12.18 20:29:11 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk [2012.12.18 20:29:10 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk [2012.11.29 10:56:22 | 000,284,587 | ---- | C] () -- C:\Users\Admyn\alf [2012.11.22 09:47:34 | 000,007,649 | ---- | C] () -- C:\Users\Admyn\AppData\Local\Resmon.ResmonCfg [2012.10.13 17:15:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.10.11 02:38:52 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.10.11 02:38:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.10.11 02:38:52 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.10.11 02:38:52 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.10.10 22:22:09 | 000,106,496 | ---- | C] () -- C:\Windows\stkbtnpn.dll [2012.10.10 20:48:09 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2012.10.10 19:40:59 | 000,290,904 | ---- | 
C] () -- C:\Windows\System32\vc6-re200l.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.10 23:07:06 | 000,000,000 | ---D | M] -- C:\Users\Admyn\AppData\Roaming\DAEMON Tools Lite [2012.10.20 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Admyn\AppData\Roaming\ibf [2012.12.08 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Admyn\AppData\Roaming\MAGIX [2012.10.10 23:01:44 | 000,000,000 | ---D | M] -- C:\Users\Admyn\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > SystemLook.txt Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 01:50 on 08/01/2013 by Admyn
Administrator - Elevation successful

========== filefind ==========

Searching for "*Browser Manager*"
C:\Windows\System32\Tasks\Browser Manager    --a---- 3434 bytes    [01:20 04/01/2013]    [01:20 04/01/2013] 3DA7B2B656DE12D67C7983DCCB9D0844

Searching for "*bProtect*"
No files found.

Searching for "*Babylon*"
C:\Program Files\Microsoft Games\Age of Empires\campaign\Stimmen aus Babylon.cpn    -r----- 913682 bytes    [23:19 10/10/2012]    [23:19 10/10/2012] 16E685EF1B62F4559D8C7DEBECE25F5F
C:\Program Files\Microsoft Games\Age of Empires\data\Auf Leben und Tod Babylon.ai    ------- 3686 bytes    [23:19 10/10/2012]    [23:19 10/10/2012] 70330ABC18E7EE52EFFD23D275020A8F
C:\Program Files\Microsoft Games\Age of Empires\data\Babylon Schwertkämpfer.ai    ------- 3467 bytes    [23:19 10/10/2012]    [23:19 10/10/2012] AD9B93F6EBC90543998B0B15DF62738F
C:\Program Files\Microsoft Games\Age of Empires\data\Babylon Späher.ai    ------- 3784 bytes    [23:19 10/10/2012]    [23:19 10/10/2012] 3AF7F90F21C6A984BF521090AE0E8304

========== folderfind ==========

Searching for "*Browser Manager*"
No folders found.

Searching for "*bProtect*"
No folders found.

Searching for "*Babylon*"
C:\Users\Admyn\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_BabylonToolbarsr_4b7cf999152fc8eb2ca91b80c6f56ce23ddbaf1_cab_0bf82f0b    d----c-    [21:46 17/11/2012]

========== regfind ==========

Searching for "Browser Manager"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88D164F-9813-47EB-91B1-D87B9F21C407}]
"Path"="\Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager]
[HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}"

Searching for "bProtect"
No data found.

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar]
[HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar]
[HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar]

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#B1208030000442&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#10080900047446&0#]
"DeviceDesc"="Premium "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_0.00#0000000000000120&0#]
"DeviceDesc"="Disk "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#B1208030000442&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#10080900047446&0#]
"DeviceDesc"="Premium "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_0.00#0000000000000120&0#]
"DeviceDesc"="Disk "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#B1208030000442&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#10080900047446&0#]
"DeviceDesc"="Premium "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_0.00#0000000000000120&0#]
"DeviceDesc"="Disk "

-= EOF =-
|
09.01.2013, 17:00 | #9 |
/// TB-Ausbilder | Div WIN.Trojan.Agent- Meldungen von Clamav Hi, all right, we'll clean up the remaining leftovers and then check once more: Step 1 Fix with OTL
Code:
:files
C:\Windows\System32\Tasks\Browser Manager
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88D164F-9813-47EB-91B1-D87B9F21C407}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar]
:Commands
[emptytemp]
Step 2 Please download Malwarebytes' Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck
Please post with your next reply
|
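The SystemLook search in the previous post and the OTL fix above are one procedure: look for the adware's leftovers (the "Browser Manager" scheduled task and the BabylonToolbar keys) in the file system, in the scheduler's TaskCache and in the per-user IE InternetRegistry, then remove them. The script below is an added example written for this editing pass; it is not part of the thread and not code from OTL or SystemLook. It repeats that hunt with built-in Windows 7 tools and, only with `-Remove`, deletes what it found. The pattern list, the `-Remove` switch and the function names are assumptions for illustration.

```powershell
# Added example, not part of the original thread and not OTL/SystemLook code:
# hunt for the adware remnants named in this thread and optionally remove them.
# Windows 7 / PowerShell 2.0 or later, run from an elevated prompt.
# $patterns and the -Remove switch are assumptions for illustration.
param([switch]$Remove)

$patterns = 'Browser Manager', 'bProtect', 'Babylon'

function Test-Match([string]$text) {
    foreach ($p in $patterns) { if ($text -like "*$p*") { return $true } }
    return $false
}

$script:findings = @()
function Add-Finding($kind, $item) {
    $script:findings += New-Object PSObject -Property @{ Kind = $kind; Item = $item }
}

# 1. Tasks as the scheduler itself registers them. On Windows 7 schtasks.exe is the
#    supported interface; deleting through it removes the XML file under
#    System32\Tasks and both TaskCache registry entries together.
$csv = schtasks.exe /Query /FO CSV /NH 2>$null | ConvertFrom-Csv -Header TaskName, NextRun, Status
foreach ($t in $csv) { if (Test-Match $t.TaskName) { Add-Finding 'Task' $t.TaskName } }

# 2. Orphaned task XML files (the file the OTL :files line above tried to delete)
$taskDir = Join-Path $env:windir 'System32\Tasks'
foreach ($f in (Get-ChildItem $taskDir -Recurse -ErrorAction SilentlyContinue)) {
    if (-not $f.PSIsContainer -and (Test-Match $f.Name)) { Add-Finding 'TaskFile' $f.FullName }
}

# 3. Orphaned TaskCache entries: Tree\<name> and Tasks\{GUID} whose Path value matches
$cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
foreach ($k in (Get-ChildItem "$cache\Tree" -ErrorAction SilentlyContinue)) {
    if (Test-Match $k.PSChildName) { Add-Finding 'RegKey' $k.Name }
}
foreach ($k in (Get-ChildItem "$cache\Tasks" -ErrorAction SilentlyContinue)) {
    $path = (Get-ItemProperty -Path $k.PSPath -Name Path -ErrorAction SilentlyContinue).Path
    if ($path -and (Test-Match $path)) { Add-Finding 'RegKey' $k.Name }
}

# 4. Per-user IE InternetRegistry keys, where SystemLook found BabylonToolbar
$ieReg = 'HKCU:\Software\Microsoft\Internet Explorer\InternetRegistry'
foreach ($k in (Get-ChildItem $ieReg -Recurse -ErrorAction SilentlyContinue)) {
    if (Test-Match $k.PSChildName) { Add-Finding 'RegKey' $k.Name }
}

$findings | Format-Table Kind, Item -AutoSize

if ($Remove) {
    # Registered tasks first, so their file and cache keys disappear together and
    # the later steps only have to deal with true orphans.
    foreach ($f in ($findings | Where-Object { $_.Kind -eq 'Task' })) {
        schtasks.exe /Delete /TN $f.Item /F | Out-Null
    }
    foreach ($f in ($findings | Where-Object { $_.Kind -eq 'TaskFile' })) {
        Remove-Item -LiteralPath $f.Item -Force -ErrorAction SilentlyContinue
    }
    # Longest key paths first, so a child key is gone before its parent is removed
    foreach ($f in ($findings | Where-Object { $_.Kind -eq 'RegKey' } | Sort-Object { $_.Item.Length } -Descending)) {
        Remove-Item -LiteralPath "Registry::$($f.Item)" -Recurse -Force -ErrorAction SilentlyContinue
    }
}
```

Save it as a .ps1 and run it as `powershell -ExecutionPolicy Bypass -File remnants.ps1` first without `-Remove` to review the list. Going through schtasks.exe instead of deleting TaskCache keys by hand is the point of step 1: the OTL log further down shows what happens otherwise, the registry entries go but the task file in System32\Tasks stays behind.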
10.01.2013, 14:38 | #10 |
| Div WIN.Trojan.Agent- Meldungen von Clamav Hi Matthias, so, I managed it. OTL: supposedly it deleted 440mb, which is presumably meant to be MB, since milli doesn't make much sense. But before that there was almost 2GB of space, and afterwards only ~170MB were free on C:. With the 440MB that were supposedly deleted, over 2.2GB would then have vanished. I now have serious doubts about OTL: lots of space disappears, it doesn't know the difference between milli and mega, and one can only hope nothing was broken there. Besides, the program mercilessly kills all applications without any regard, so an open file in the editor was destroyed too; good programs should give an explicit warning here. Can I view a log somewhere of what was deleted? The OTL log file, Code:
All processes killed
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <C:\Windows\System32\Tasks\Browser Manager> in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88D164F-9813-47EB-91B1-D87B9F21C407}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B88D164F-9813-47EB-91B1-D87B9F21C407}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-760916294-433039999-1293612642-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-760916294-433039999-1293612642-1000\Software\BabylonToolbar\BabylonToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Buser
->Temp folder emptied: 254523337 bytes
->Temporary Internet Files folder emptied: 74240525 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 122071239 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Admyn
->Temp folder emptied: 2397360 bytes
->Temporary Internet Files folder emptied: 7723959 bytes
->Java cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24936 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 440,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_170737
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I left everything as it was. One option was "Pro version"; I don't remember the other two any more. You should perhaps add to the description what one is supposed to set there. The MBAM log file, Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admyn :: COMPY [Administrator]

Protection: Enabled

09.01.2013 22:57:04
mbam-log-2013-01-09 (22-57-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215885
Time elapsed: 2 minute(s), 25 second(s)

Memory processes detected: 0 (No malicious items detected)
Memory modules detected: 0 (No malicious items detected)
Registry keys detected: 0 (No malicious items detected)
Registry values detected: 0 (No malicious items detected)
Registry data items detected: 0 (No malicious items detected)
Folders detected: 0 (No malicious items detected)
Files detected: 0 (No malicious items detected)

(end)
The ESET log file, Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=26ee4d79d4275842bd6f349206615eab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-09 11:28:32
# local_time=2013-01-10 12:28:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 146152 109405303 0 0
# scanned=104487
# found=0
# cleaned=0
# scan_time=2922

The SecurityCheck log file:
Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 9
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
10.01.2013, 15:18 | #11
/// TB-Ausbilder | Various WIN.Trojan.Agent reports from Clamav

Hi, if you have no more problems, then we are done here. Your log files are clean. Finally we need to take a few closing steps to tidy up and secure your PC.

Step 1: Your Java is out of date. Older versions contain security holes that can be abused by malware.

Step 2: Please uninstall your current version of Adobe Reader (Start --> Control Panel --> Software / Uninstall programs --> Adobe Reader) and download the new version from here. Untick the box for McAfee SecurityScan or Google Chrome.

Step 3: Start DeFogger and click Re-enable. Your computer may need to be restarted.

Step 4: Before the following action, temporarily disable your antivirus program, any script blocking you may have, and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall

This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there too. Now re-enable the programs you just disabled.

Step 5: Please download delfix to your desktop.

Step 6: Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts.

Note: Please give me a short reply when everything is done and there are no further questions, so that I can remove this topic from my subscriptions.
10.01.2013, 16:11 | #12
Various WIN.Trojan.Agent reports from Clamav

I had already tried the Java thing too, but got the attached error message. I'll try your way right away. Adobe has meanwhile (yesterday evening) already updated itself, so it is current. I just checked again; it reports no update available. I'll get back to you when I'm done. The file I got is called jre-7u10-windows-i586.exe and not jxpiinstall.exe, is that right?

Last edited by JohnB (10.01.2013 at 16:21)
10.01.2013, 17:38 | #13
/// TB-Ausbilder | Various WIN.Trojan.Agent reports from Clamav

Hi, jre-7u10-windows-i586.exe is the correct file name, yes. I'm waiting for your reply.
13.01.2013, 12:19 | #14
/// TB-Ausbilder | Various WIN.Trojan.Agent reports from Clamav

I'm glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread.
15.01.2013, 10:16 | #15
Various WIN.Trojan.Agent reports from Clamav

Hi, when running jre-7u10-windows-i586.exe I was not asked about installing a toolbar. Nor was an older version found that I could have uninstalled. I did it again today with u11; I heard that u10 is dangerous. There too, no question about a toolbar came up, and no older version was found either.

> I'm glad we could help

Many thanks for the help.

> This topic appears to be resolved and will be removed from my subscriptions.

I also think it is resolved. I only noticed that some settings were reset, e.g. "show file extensions". But otherwise everything runs now. Matthias, many thanks!
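A post-cleanup check that goes with the advice in this thread, added here as an example; it is not code posted by anyone in the thread. It reads the standard Windows Uninstall registry keys to list the installed Java and Adobe Reader versions (the two products the Security Check log flagged as "Java 7 Update 9" and "Adobe Reader out of Date!"), and then checks Explorer's "hide extensions for known file types" setting, which the last post reports was reset by the cleanup. The registry paths are the standard Windows locations; the DisplayName match pattern is an assumption and may need widening for localized product names.

```powershell
# Added example, not from the thread: post-cleanup sanity check for Windows 7 and later.
# Run in an elevated PowerShell; it only reads the registry unless you uncomment the
# Set-ItemProperty line at the end.

# Standard Uninstall keys. The Wow6432Node key only exists on 64-bit Windows and is
# silently skipped on the 32-bit system in this thread.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Installed versions of the two products the helper asked to update.
# The '^(Java|Adobe Reader)' pattern is an assumption about the DisplayName values.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Reader)' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName

if ($installed) {
    $installed | Format-Table -AutoSize
} else {
    Write-Output 'Neither Java nor Adobe Reader is registered in the Uninstall keys.'
}

# Explorer's "Hide extensions for known file types" setting. A value of 1 hides
# extensions, so a file named invoice.pdf.exe is displayed as invoice.pdf. The
# Windows default is to hide, so a missing value is treated as hidden.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt

if ($null -eq $hideExt -or $hideExt -eq 1) {
    Write-Warning 'Explorer is hiding known file extensions.'
    # Uncomment to restore "show extensions"; Explorer picks it up after a restart or next logon.
    # Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
} else {
    Write-Output 'Explorer shows file extensions.'
}
```

Compare the printed DisplayVersion values against the vendor's current release rather than against the Security Check output, since that tool's "out of date" line is itself only as current as its own version list.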