| |
| |||||||
Log-Analyse und Auswertung: vermuteter Malware BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.06.2013, 22:02
| #1 |
| |  vermuteter Malware Befall Hi, ich vermute auf meinem Laptop ein Problem, er braucht ewig, ist nahezu immer voll ausgelastet. bei mir läuft antivir-Premium. Das sagt, alles i.o. ich habe ein Logfile mit HijackThis erstellt. Eventuell kann mir jemand helfen. Gruß, Martin Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:33:49, on 04.06.2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Apoint2K\Apntex.exe C:\windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe C:\Users\Martin\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU" O4 - Startup: Dropbox.lnk = Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O10 - Broken Internet access because of LSP provider 'c:\windows\system32\tnnsqq5vr.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE -- End of file - 7116 bytes |
|
04.06.2013, 22:04
| #2 |
| /// the machine /// TB-Ausbilder    | vermuteter Malware Befall Hi,
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ |
|
05.06.2013, 05:55
| #3 |
| | vermuteter Malware Befall Guten morgen,
__________________danke für die rasche antwort, hier die 2 Log files: 1:OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.06.2013 06:37:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 44,01% Memory free 5,93 Gb Paging File | 4,32 Gb Available in Paging File | 72,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 67,42 Gb Free Space | 67,42% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (Dnscache) -- %SystemRoot%\System32\poualsxux.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M] [2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.04 23:05:45 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip [2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox [2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox [2013.05.06 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.06 22:00:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.05.06 22:00:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.06 22:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.05 06:30:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 06:30:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 06:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.05 06:27:53 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.05 06:27:53 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.05 06:27:53 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.05 06:27:53 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.05 06:23:14 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.05 06:23:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.05 06:22:56 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.05.06 22:00:05 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe ========== Files Created - No Company Name ========== [2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI [2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini [2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx [2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > 2:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.06.2013 06:37:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 44,01% Memory free
5,93 Gb Paging File | 4,32 Gb Available in Paging File | 72,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 67,42 Gb Free Space | 67,42% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032C26F1-9A6E-43A8-A075-5F26B2C878F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{0673425E-DB82-4994-8486-CE7C61250971}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{094AB46C-9C6C-45DE-A2D5-28DF807B90B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16948452-BD43-4F4C-9943-87144D668E72}" = rport=445 | protocol=6 | dir=out | app=system |
"{19149A53-466D-45E4-AA3D-0881C17BA7E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EDCAF4C-BAD7-4565-B7FD-9B2C5976D716}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331784AE-84CA-4EFD-B02B-06CA36A443ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{370D4CC9-6BD9-43C3-9C9F-08E2E75B3F31}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3B97BB6F-FEEB-4041-86DD-27D1E076C896}" = lport=10244 | protocol=6 | dir=in | app=system |
"{411F3EB4-0F80-4282-8F2D-BE7D41B07B19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59D958CF-0C3F-4134-A5BD-A2E14473E8CB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63C05E50-10A5-45B6-BC5B-AD3844EA1ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{675C7826-7E79-4E57-A7A3-F9577E86B0E0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6D06E2ED-8472-4070-82A9-8489507AA558}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D2EB7B8-C299-4A76-AB95-1685787F35D8}" = rport=139 | protocol=6 | dir=out | app=system |
"{6E42E609-9AE3-46CF-8774-F518934EBF9F}" = rport=138 | protocol=17 | dir=out | app=system |
"{72295B11-4A69-4DB3-A396-9A3295705743}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88724D48-57BC-49B2-8DE8-D5A00D69035D}" = lport=138 | protocol=17 | dir=in | app=system |
"{8963EC19-9607-4D42-952F-2C65CC781B81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F66D02C-8EAC-4027-94A8-4B83F103729E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92927D5D-166D-4F7D-B756-1096E104E2A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{998B23D5-59DC-4B5F-BB32-2F4A511D348A}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B4C67B0-03D7-4E57-9602-512F6BE2DC7F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A4A5A8CA-4A6C-4A8B-ABF3-8CAFB07BD4F9}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A632A43E-0348-41A3-AC7D-88C693B56484}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A670B960-B4ED-4FE2-B09D-1C89C22A5CC1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A87D8F78-F18C-4534-84A1-3E5086C7CD9F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B13A7DE0-4EE9-4AC9-BD68-94128E8B43EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3E25F0B-0CCA-4DFE-9B4D-F73B2097B21B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE1CDF9C-08A8-46BD-9F47-806C5958622E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA68B580-4183-46C8-B81F-149744042611}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCFEAB47-C554-4D0A-8896-B3A2CAB9425C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D8F7D2CC-B84C-475A-BBDC-1F82B921A99B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D982428C-AD5F-47D9-B995-587177C12D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1649F28-9125-42D2-9293-C5FE1264247A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E77B59A2-81DD-4338-9D6A-32C1B407F11E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F00B9706-48D1-499F-9554-4C498CE11982}" = rport=137 | protocol=17 | dir=out | app=system |
"{FEB504E9-5122-4E6E-9577-D88C0F2CCA97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9D321-3571-43AE-A80E-3687DA9EDAB4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{0C47B76F-CEA9-4BBA-B391-4CE728ED8A53}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{0D5437E4-3D6F-413A-977E-931FBCD74088}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{0DF9465E-C7A4-4A01-8883-D6260E1BFC33}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{2FA7B683-1FEE-4606-ADFE-D6C54F0B0D80}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{301C3719-A4A1-4083-AA06-229E10B2B1D4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{308569D4-D0BF-495D-A76D-A90BE91751F4}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{3B193607-CFAE-48DB-ADDE-0BA51A9F4F75}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{3DB2062B-C1A8-4AD8-83EA-20B11C80CB48}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4FFD86BC-FCF9-4B86-988D-48020DFD256A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{53BEB3FC-DA3B-47A4-A7FE-303C7988CFBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D1CE614-C903-4DE4-ACCE-DE4AF305DA6B}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{733A9B6E-F3DF-422B-94E5-7E3B8D161896}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7368A7DE-69DA-4271-A950-4D2B4194AEE7}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{749694AD-AB2B-4107-8DB7-183DC3BB27B3}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{7D2D5FA4-5885-48F2-BFD6-65F8072322C5}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{884E3691-4123-4D09-A4E6-E20EC319BCB4}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{893DFB42-24EF-42E2-BC24-8720DEC40035}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A71E731-E6F6-4B68-BAAA-A5E0AC88F31D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8DF2AF65-5864-427E-8501-BE79F9318343}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{92138714-641E-4CD5-A5CF-A0EF88782A83}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{9356AAC3-DD7E-4E49-AAC8-1C97B667097D}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{983B51C3-CE26-42DD-8746-9A60BD157F47}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9AF186E6-07DB-4F3C-9760-DBDD7DF5AB42}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{B2B1A8EF-9170-4C90-A504-3D0856F87216}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B59EF72A-B51F-443D-9006-D667E6A21CD6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B908669C-E2A6-4DD3-A058-4C4E7460CBF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BFD22F70-DC2F-4713-ADB9-CC1698A133FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C07A57AD-4A19-42EA-8F96-2346F4FFDA46}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{C3BBD7A1-AF60-4A88-B67D-BFFD9BD2E996}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{C50C12B9-C5C8-4B68-9D91-19FD9BCD7122}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C51D704B-43EA-49CD-9BA3-E007BBA885DA}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{DD067A4E-FF22-4270-8F3B-74DFDEF9A92F}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{DE832482-4ED9-44EE-B344-95C48AA0B9F9}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{EB55D631-948C-439B-BEFC-0CEB9CCB6348}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EBE09E8D-F486-4FA5-85AE-49310A725346}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ED49E9FA-41E7-4368-B1B8-F8FA403A466C}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{F49820FD-3A1D-4588-A6CC-22F579504532}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{F934F81B-66DA-4FFF-9277-D0EE85328D19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA98EC33-0239-43FC-ADE9-861295E1C280}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{FE7204AD-D01B-4E20-8C67-C8207312CB70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE8E39A8-90A4-48C9-A707-F10A036DC32D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{FEAAEC88-85BE-4BA3-81A7-01D172F65752}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FEAB198E-1A3F-4D23-A47B-736056937244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1395B4AE-4BE2-49EF-BB42-D893F4507F7F}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4F28B047-ED03-4FBD-BA3A-CD10AD3AC808}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{03FF4745-8C70-493E-9BD9-40CE22739C7C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{F7E2E809-4F30-4BFD-B42E-C2829C570ADF}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0B914F2C-6CC2-4328-B84E-411A81B50FA4}" = Steuer-Sparer 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EAGLE 6.4.0" = EAGLE 6.4.0
"EasyCapture4.0" = EasyCapture
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"GanttProject" = GanttProject
"GIMP-2_is1" = GIMP 2.8.2
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.8g
"VLC media player" = VLC media player 2.0.1
"WavePad" = WavePad Audiobearbeitungs-Software
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.67
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.12.2012 07:30:07 | Computer Name = Martin-PC | Source = RpcNs | ID = 2
Description =
Error - 02.01.2013 09:56:36 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften
Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0x01cde8f049dc7d5a Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 38c0fe9f-54e4-11e2-bf7c-002622d7ab25
Error - 10.01.2013 11:18:06 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McUicnt.exe, Version: 4.0.228.0,
Zeitstempel: 0x4d50670d Name des fehlerhaften Moduls: ieframe.dll, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2fe39 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000f22d2 ID des fehlerhaften
Prozesses: 0x1704 Startzeit der fehlerhaften Anwendung: 0x01cdef4571eec326 Pfad der
fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\3.0.285\McUicnt.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\ieframe.dll Berichtskennung: eece3793-5b38-11e2-be31-0c6076badff3
Error - 10.01.2013 11:18:15 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McUicnt.exe, Version: 4.0.228.0,
Zeitstempel: 0x4d50670d Name des fehlerhaften Moduls: ieframe.dll, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2fe39 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000f22d2 ID des fehlerhaften
Prozesses: 0x1704 Startzeit der fehlerhaften Anwendung: 0x01cdef4571eec326 Pfad der
fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\3.0.285\McUicnt.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\ieframe.dll Berichtskennung: f3c22474-5b38-11e2-be31-0c6076badff3
Error - 20.01.2013 06:59:19 | Computer Name = Martin-PC | Source = EventSystem | ID = 4621
Description =
Error - 29.01.2013 14:09:28 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 18.0.1.4764,
Zeitstempel: 0x50f705c6 Name des fehlerhaften Moduls: xul.dll, Version: 18.0.1.4764,
Zeitstempel: 0x50f704c6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00117a68 ID des fehlerhaften
Prozesses: 0x170c Startzeit der fehlerhaften Anwendung: 0x01cdfe489b15915f Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 0506ef78-6a3f-11e2-8a55-0c6076badff3
Error - 29.01.2013 14:09:34 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
Zeitstempel: 0x4c7dc5a1 Name des fehlerhaften Moduls: gdiplus.dll, Version: 6.1.7600.17007,
Zeitstempel: 0x4f923628 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000aa1fe ID des fehlerhaften
Prozesses: 0x6bb0 Startzeit der fehlerhaften Anwendung: 0x01cdfe4bc73dd415 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll
Berichtskennung:
0872179b-6a3f-11e2-8a55-0c6076badff3
Error - 29.01.2013 14:16:22 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135,
Zeitstempel: 0x506dbeae Ausnahmecode: 0x0000046b Fehleroffset: 0x0000969b ID des fehlerhaften
Prozesses: 0x133c Startzeit der fehlerhaften Anwendung: 0x01cdfe4868c1628f Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: fbb5c4c4-6a3f-11e2-8a55-0c6076badff3
Error - 22.02.2013 12:15:51 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1128 Startzeit:
01ce111738aaf065 Endzeit: 15 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
1e926233-7d0b-11e2-8693-0c6076badff3
Error - 11.03.2013 12:31:33 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften
Prozesses: 0x14a0 Startzeit der fehlerhaften Anwendung: 0x01ce1e75dd475695 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 2270e82e-8a69-11e2-8762-0c6076badff3
[ System Events ]
Error - 05.06.2013 00:27:16 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:28:22 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:28:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:30:20 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:32:26 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:37:26 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:39:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:44:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:46:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.06.2013 00:51:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
< End of report >
|
|
05.06.2013, 08:18
| #4 |
| /// the machine /// TB-Ausbilder | vermuteter Malware Befall Definitiv BEfall: Code:
ATTFilter HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /600
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.06.2013, 15:36
| #5 |
| | vermuteter Malware Befall Hi, bitteschönOTL Logfile: Code:
ATTFilter OTL logfile created on: 05.06.2013 16:02:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free 5,93 Gb Paging File | 4,66 Gb Available in Paging File | 78,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 68,37 Gb Free Space | 68,37% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (Dnscache) -- %SystemRoot%\System32\poualsxux.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M] [2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 06:57:51 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip [2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox [2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox [2013.05.06 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.06 22:00:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.05.06 22:00:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.06 22:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.06.05 16:07:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 16:07:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 16:06:11 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.05 16:06:11 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.05 16:06:11 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.05 16:06:11 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.05 15:59:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.05 15:59:37 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys [2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.05 06:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.05.06 22:00:05 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe ========== Files Created - No Company Name ========== [2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI [2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini [2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx [2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 6 "ProviderFileName0" = unimdm.tsp -- [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderID4" = 5 "ProviderFilename4" = incvoyi0y.tsp < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{9811ECB5-E8F9-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{9811ECB5-E8F9-48B9 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.07.14 03:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] "MaxCollectionCount" = 32 "MaxThreads" = 30 "MaxCmds" = 30 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\poualsxux.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation) "ServiceMain" = SetAccessPolicy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = sdrsvc [binary data] -- [2009.07.14 03:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = AxInstSV [binary data] -- [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) "IgrsSvcs" = ReadyComm.DirectRouterPS_MDP [binary data] "" = "Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data] "Update-Service" = Update-Service [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > [HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient] < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /600 > [2013.02.12 17:07:48 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll [2012.03.09 20:18:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.04 06:43:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.04 04:43:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.04 04:43:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2013.01.04 04:43:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.04 04:43:34 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2012.12.16 16:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.12.16 16:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2012.07.04 23:23:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.07.04 23:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll [2012.03.09 20:16:51 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll [2011.12.23 21:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll [2012.06.02 06:45:21 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.06.02 06:45:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.06.02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.03.19 06:54:22 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll [2012.03.03 07:40:09 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2012.03.03 07:40:10 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2012.03.03 07:40:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2012.03.03 07:40:09 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2011.12.23 21:58:18 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll [2012.11.02 06:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2012.03.03 07:40:21 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2012.03.09 20:18:39 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2012.03.09 20:18:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2011.10.15 07:48:52 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll [2012.03.09 20:16:52 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ExplorerFrame.dll [2012.12.07 13:29:57 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\system32\E_DCINST.DLL [2012.12.07 13:29:57 | 000,081,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TD4BHTU.DLL [2012.12.07 13:29:57 | 000,095,232 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TLBHTU.DLL [2012.03.09 20:16:52 | 000,801,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll [2012.03.09 20:18:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2012.03.09 20:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2012.03.09 20:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2012.03.09 20:18:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2012.03.09 20:18:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2012.03.09 20:18:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2012.03.09 20:18:39 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.03.09 20:18:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2012.03.09 20:18:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.03.09 20:18:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2012.03.09 20:18:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.03.01 07:45:05 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2012.03.09 20:18:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2012.03.09 20:18:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll [2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:54:04 | 000,541,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2013.01.04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2013.01.04 06:46:33 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2012.03.09 20:18:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.14 06:37:47 | 000,768,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll [2011.11.17 07:38:39 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll [2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll [2011.12.23 21:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll [2011.12.23 21:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll [2011.12.23 21:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\MAMACExtract.dll [2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll [2012.03.09 20:16:51 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll [2012.03.09 20:16:50 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfreadwrite.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll [2011.12.23 21:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll [2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.03.09 20:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2011.12.23 21:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll [2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.03.09 20:18:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.03.09 20:18:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2011.12.23 21:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll [2012.03.09 20:18:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.02.12 17:13:55 | 002,691,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2011.12.16 09:59:17 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.06 07:09:46 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.02 06:50:33 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2011.12.23 21:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll [2011.12.23 21:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll [2011.12.23 21:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll [2011.12.23 21:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll [2012.11.20 07:10:07 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.07.04 23:26:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2011.11.17 07:41:38 | 001,288,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2012.03.09 20:18:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2011.11.19 16:06:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2012.03.09 20:18:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2011.10.26 06:28:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2011.10.26 06:28:26 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2012.02.15 07:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.04.26 06:48:52 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll [2012.04.26 06:48:52 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll [2011.12.23 21:58:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll [2012.06.02 06:48:35 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2011.11.17 07:39:21 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2011.11.17 07:39:24 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2011.11.17 07:39:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll [2012.09.25 23:55:17 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.02.12 15:59:49 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2012.11.09 06:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2011.12.06 21:55:56 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll [2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2011.12.08 06:22:26 | 001,416,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01005.dll [2012.03.09 20:18:39 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2011.11.17 07:39:28 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll [2012.11.09 06:49:55 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll [2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2013.01.04 06:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2012.08.24 19:10:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.09.28 23:14:05 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller2.dll [2012.03.01 07:40:44 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2012.03.09 20:16:53 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2012.03.09 20:16:52 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2012.03.09 20:16:51 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2012.03.09 20:16:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsRasterService.dll < End of report > |
|
05.06.2013, 16:28
| #6 |
| /// the machine /// TB-Ausbilder | vermuteter Malware BefallFixen mit OTL
Code:
ATTFilter :OTL
[2011.12.06 21:55:56 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFilename4"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]
:files
C:\Windows\System32\poualsxux.dll
C:\Windows\System32\incvoyi0y.tsp
:Commands
[emptytemp]
Und dann bitte ein frisches OTL Scanlog mit dem gleichen Customscan wie eben.
__________________ --> vermuteter Malware Befall |
|
06.06.2013, 06:56
| #7 |
| | vermuteter Malware Befall Guten morgen, bitteschönOTL Logfile: Code:
ATTFilter OTL logfile created on: 06.06.2013 07:36:37 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,76% Memory free 5,93 Gb Paging File | 4,68 Gb Available in Paging File | 78,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 69,46 Gb Free Space | 69,46% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (Update-Service) -- %SystemRoot%\System32\UpdSvc.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M] [2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv [2013.06.05 16:39:51 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip [2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox [2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2013.06.06 07:37:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.06 07:37:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.06 07:36:29 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.06 07:36:29 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.06 07:36:29 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.06 07:36:29 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.06 07:30:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.06 07:29:57 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys [2013.06.06 07:28:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI [2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini [2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx [2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 6 "ProviderFileName0" = unimdm.tsp -- [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderID4" = 5 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{9811ECB5-E8F9-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{9811ECB5-E8F9-48B9 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.07.14 03:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] "MaxCollectionCount" = 32 "MaxThreads" = 30 "MaxCmds" = 30 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation) "ServiceMain" = SetAccessPolicy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = sdrsvc [binary data] -- [2009.07.14 03:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = AxInstSV [binary data] -- [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) "IgrsSvcs" = ReadyComm.DirectRouterPS_MDP [binary data] "" = [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /600 > [2013.02.12 17:07:48 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll [2012.03.09 20:18:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.04 06:43:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.04 04:43:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.04 04:43:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2013.01.04 04:43:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.04 04:43:34 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2012.12.16 16:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.12.16 16:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2012.07.04 23:23:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.07.04 23:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll [2012.03.09 20:16:51 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll [2011.12.23 21:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll [2012.06.02 06:45:21 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.06.02 06:45:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.06.02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.03.19 06:54:22 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll [2012.03.03 07:40:09 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2012.03.03 07:40:10 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2012.03.03 07:40:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2012.03.03 07:40:09 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2011.12.23 21:58:18 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll [2012.11.02 06:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2012.03.03 07:40:21 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2012.03.09 20:18:39 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2012.03.09 20:18:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2012.03.09 20:16:52 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ExplorerFrame.dll [2012.12.07 13:29:57 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\system32\E_DCINST.DLL [2012.12.07 13:29:57 | 000,081,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TD4BHTU.DLL [2012.12.07 13:29:57 | 000,095,232 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TLBHTU.DLL [2012.03.09 20:16:52 | 000,801,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll [2012.03.09 20:18:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2012.03.09 20:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2012.03.09 20:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2012.03.09 20:18:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2012.03.09 20:18:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2012.03.09 20:18:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2012.03.09 20:18:39 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.03.09 20:18:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2012.03.09 20:18:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.03.09 20:18:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2012.03.09 20:18:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.03.01 07:45:05 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2012.03.09 20:18:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2012.03.09 20:18:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll [2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:54:04 | 000,541,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2013.01.04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2013.01.04 06:46:33 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2012.03.09 20:18:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.14 06:37:47 | 000,768,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll [2011.11.17 07:38:39 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll [2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll [2011.12.23 21:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll [2011.12.23 21:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll [2011.12.23 21:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\MAMACExtract.dll [2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll [2012.03.09 20:16:51 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll [2012.03.09 20:16:50 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfreadwrite.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll [2011.12.23 21:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll [2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.03.09 20:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2011.12.23 21:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll [2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.03.09 20:18:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.03.09 20:18:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2011.12.23 21:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll [2012.03.09 20:18:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.02.12 17:13:55 | 002,691,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2011.12.16 09:59:17 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.06 07:09:46 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.02 06:50:33 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2011.12.23 21:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll [2011.12.23 21:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll [2011.12.23 21:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll [2011.12.23 21:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll [2012.11.20 07:10:07 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.07.04 23:26:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2011.11.17 07:41:38 | 001,288,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2012.03.09 20:18:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2011.11.19 16:06:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2012.03.09 20:18:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2011.10.26 06:28:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2011.10.26 06:28:26 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2012.02.15 07:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.04.26 06:48:52 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll [2012.04.26 06:48:52 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll [2011.12.23 21:58:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll [2012.06.02 06:48:35 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2011.11.17 07:39:21 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2011.11.17 07:39:24 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2011.11.17 07:39:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll [2012.09.25 23:55:17 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.02.12 15:59:49 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2012.11.09 06:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2011.12.08 06:22:26 | 001,416,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01005.dll [2012.03.09 20:18:39 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2011.11.17 07:39:28 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll [2012.11.09 06:49:55 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll [2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2013.01.04 06:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2012.08.24 19:10:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.09.28 23:14:05 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller2.dll [2012.03.01 07:40:44 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2012.03.09 20:16:53 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2012.03.09 20:16:52 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2012.03.09 20:16:51 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2012.03.09 20:16:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsRasterService.dll < > < End of report > |
|
06.06.2013, 09:55
| #8 |
| /// the machine /// TB-Ausbilder | vermuteter Malware BefallFixen mit OTL
Code:
ATTFilter :OTL
SRV - (Update-Service) -- %SystemRoot%\System32\UpdSvc.dll File not found
IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFilename4"=-
"ProviderID4"=-
"NextProviderID"=dword:00000005
"NumProviders"=dword:00000004
Bitte downloade dir LSPFix
und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 10:53
| #9 |
| | vermuteter Malware Befall Hi, zuerst das Protokoll vom Fix. ========== OTL ========== Service Update-Service stopped successfully! Service Update-Service deleted successfully! File %SystemRoot%\System32\UpdSvc.dll File not found not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}\ not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderFilename4 not found. Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderID4 deleted successfully. HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NextProviderID"|dword:00000005 /E : value set successfully! HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NumProviders"|dword:00000004 /E : value set successfully! OTL by OldTimer - Version 3.2.69.0 log created on 06082013_112857 Dann noch das Protokoll vom frischen OTL ScanOTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2013 11:34:39 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 52,58% Memory free 5,93 Gb Paging File | 4,42 Gb Available in Paging File | 74,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 70,11 Gb Free Space | 70,11% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M] [2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 07:57:52 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv [2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip [2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox [2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2013.06.08 11:30:20 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 11:30:20 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 11:28:35 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.08 11:28:35 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.08 11:28:35 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.08 11:28:35 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.08 11:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.08 11:22:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.08 11:22:11 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys [2013.06.07 06:06:58 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.07 06:06:46 | 000,001,021 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp ========== Files Created - No Company Name ========== [2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,021 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI [2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini [2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx [2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
08.06.2013, 11:25
| #10 |
| /// the machine /// TB-Ausbilder | vermuteter Malware Befall Supi  Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 14:52
| #11 |
| | vermuteter Malware Befall Hi, AWD_log:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.302 - Datei am 08/06/2013 um 12:32:34 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SiteRanker
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3twb667h.default\Smartbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3twb667h.default\prefs.js
Gelöscht : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "STUTTGART");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.UserID", "UN93022917787636029");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.defaultSearch", "FALSE");
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.fixUrls", true);
Gelöscht : user_pref("CT2269050.installType", "Unknown");
Gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", false);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"gsr 750\",\"EB_MAIN_FRAME_URL\":[...]
Gelöscht : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "0");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348682049348");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1348682049183");
Gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348682050169");
Gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1348682049798");
Gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1348682049878");
Gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348682050260");
Gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1348682048324");
Gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1348682048217");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348682050300");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1348689248591");
Gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1348682049131");
Gelöscht : user_pref("CT2269050.settingsINI", true);
Gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gelöscht : user_pref("CT2269050.startPage", "FALSE");
Gelöscht : user_pref("CT2269050.toolbarBornServerTime", "26-9-2012");
Gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "26-9-2012");
Gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\64nijgn9.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [8355 octets] - [08/06/2013 12:32:34]
########## EOF - C:\AdwCleaner[S1].txt - [8415 octets] ##########
Junkware_remove_log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by Martin on 08.06.2013 at 12:46:55,76 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\3twb667h.default\minidumps [353 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.06.2013 at 12:48:48,98 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eset_Log: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=673ac99a6cf85a4296be6d090f82374d # engine=14025 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-08 12:49:05 # local_time=2013-06-08 02:49:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1279 16777215 0 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 10616 122326936 0 0 # scanned=190861 # found=0 # cleaned=0 # scan_time=6797 Security check bricht ab wegen nicht unterstüztem Betriebssystem OTL_log:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2013 15:39:46 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,05% Memory free 5,93 Gb Paging File | 4,52 Gb Available in Paging File | 76,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 69,84 Gb Free Space | 69,84% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS Drive H: | 29,75 Gb Total Space | 14,19 Gb Free Space | 47,69% Space Free | Partition Type: exFAT Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M] [2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.08 12:46:54 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.08 12:46:36 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.08 12:36:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Malwareentfernung [2013.06.06 07:57:52 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv [2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip [2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software [2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox [2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2013.06.08 15:28:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.08 12:55:32 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.08 12:55:32 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.08 12:55:32 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.08 12:55:32 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.08 12:43:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 12:43:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 12:35:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.08 12:35:27 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys [2013.06.07 06:06:58 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.07 06:06:46 | 000,001,021 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp ========== Files Created - No Company Name ========== [2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp [2013.05.10 11:57:06 | 000,001,021 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk [2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI [2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini [2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx [2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Verhält sich jetzt wieder wie ein normaler Rechner. CPU Auslastung springt zwischen 0 und 2% im Leerlauf. also scheint nichts hintenrum zu arbeiten. Vielen Dank! |
|
08.06.2013, 16:33
| #12 |
| /// the machine /// TB-Ausbilder | vermuteter Malware Befall dann sind wir fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob/Kritik loswerden möchtest: Lob, Kritik und Wünsche - Trojaner-Board Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.06.2013, 10:14
| #13 |
| | vermuteter Malware Befall Guten morgen, erstmal nochmals vielen Dank für deine schnelle und kompetente Hilfe. Aktuell scheint es als ob alles soweit wieder i.o. ist. Was deine Tipps angeht, das meiste hab ich so oder so eh schon berücksichtigt gehabt. Windows Updates waren aktiviert, Virenscanner hab ich laufen usw. Ich hab mir jetzt mal die empfohlenen Tools installiert und werde Sie anwenden. Delfix hat noch ein Script erstellt. # DelFix v10.3 - Datei am 09/06/2013 um 10:44:28 erstellt # Aktualisiert am 08/06/2013 von Xplode # Benutzer : Martin - MARTIN-PC # Betriebssystem : Windows 7 Home Premium (32 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\Qoobox Gelöscht : C:\JRT Gelöscht : C:\_OTL Gelöscht : C:\Combofix Gelöscht : C:\AdwCleaner[S1].txt Gelöscht : C:\Users\Martin\Desktop\JRT.txt Gelöscht : C:\Users\Martin\Desktop\hijackthis.log Gelöscht : C:\Users\Martin\Desktop\OTL.Txt Gelöscht : C:\Users\Martin\Desktop\OTL.exe Gelöscht : C:\Users\Martin\Downloads\adwcleaner.exe Gelöscht : C:\Users\Martin\Downloads\JRT.exe Gelöscht : C:\Users\Martin\Downloads\hijackthis.log Gelöscht : C:\Users\Martin\Downloads\HiJackThis204.exe Gelöscht : C:\Users\Martin\Downloads\LSPFix.exe Gelöscht : C:\Users\Martin\Downloads\SecurityCheck.exe Gelöscht : C:\windows\grep.exe Gelöscht : C:\windows\PEV.exe Gelöscht : C:\windows\NIRCMD.exe Gelöscht : C:\windows\MBR.exe Gelöscht : C:\windows\SED.exe Gelöscht : C:\windows\SWREG.exe Gelöscht : C:\windows\SWSC.exe Gelöscht : C:\windows\SWXCACLS.exe Gelöscht : C:\windows\Zip.exe Gelöscht : HKCU\console_combofixbackup Gelöscht : HKLM\SOFTWARE\OldTimer Tools Gelöscht : HKLM\SOFTWARE\AdwCleaner Gelöscht : HKLM\SOFTWARE\Swearware Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Gelöscht : RP #172 [Windows 7 Service Pack 1 | 06/08/2013 14:02:53] Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## Gruß und  , Martin |
|
09.06.2013, 10:17
| #14 |
| /// the machine /// TB-Ausbilder | vermuteter Malware Befall Alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu vermuteter Malware Befall |
| adobe, avg, avira, bho, converter, desktop, email, explorer, firefox, flash player, hijack, hijackthis, internet, internet explorer, logfile, malware, mozilla, mp3, object, plug-in, problem, rundll, schutz, software, system, windows |
Textbox. 
Linear-Darstellung
