
Rootkit here, but don't know what it does


d4foasta


Hi there,

I suspect there's a rootkit on my system. Every time I run AVK after a reboot it finds this:

Objekt: WMADMOE4.dll

Pfad: C:\Windows\System32

Status: Moved File to Quarantine

Virus: Win32:MalOb-EI [Cryp] (Engine B)

The strange thing is, I don't know what it does...

So here's the MBAM log file; the others are attached, as requested.

Sorry if I can't supply you with more information, I don't know what you would like to know.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Datenbank Version: 7816

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

28.09.2011 15:56:41

mbam-log-2011-09-28 (15-56-32).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 198905

Laufzeit: 6 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> No action taken.

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)


Hi,

here is the new MBAM log and the DDS file:


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Datenbank Version: 7853

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

03.10.2011 13:11:28

mbam-log-2011-10-03 (13-11-25).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 199752

Laufzeit: 10 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> No action taken.

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by j at 13:15:04 on 2011-10-03

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.614 [GMT 2:00]

.

AV: G Data TotalCare 2010 *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\DTS.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Programme\AccessConnections\Prog\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files\G Data\TotalCare\AVK\AVKService.exe

C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe

C:\Programme\AccessConnections\Prog\AcSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

C:\Program Files\Common Files\G Data\GDScan\GDScan.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe

C:\Programme\AccessConnections\Prog\ACWLIcon.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Programme\AccessConnections\Prog\SvcGuiHlpr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 172.17.1.5:3128

uInternet Settings,ProxyOverride = *.local

BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalcare\webfilter\AVKWebIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {609D670F-B735-4da7-AC6D-F3BD358E325E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalcare\webfilter\AVKWebIE.dll

mRun: [AcWin7Hlpr] c:\programme\accessconnections\prog\AcTBenabler.exe

mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe

mRun: [TpShocks] TpShocks.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [iaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [G DATA AntiVirus Trayapplication] c:\program files\g data\totalcare\avktray\AVKTray.exe

mRun: [ACWLIcon] c:\programme\accessconnections\prog\ACWLIcon.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [<NO NAME>]

mRun: [FingerPrintSoftware] "c:\programme\fingerprint\prog\fpapp.exe" \s

mRun: [FingerPrintSoftwareSplashScreen] "c:\programme\fingerprint\prog\splashscreen.exe" \s

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

uPolicies-explorer: DisallowCpl = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: &Citavi Picker... - file://c:\program files\internet explorer\plugins\citavi picker\ShowContextMenu.html

IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm

IE: BID: Link in Queue einreihen - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm

IE: BID: Seite in &Queue einreihen - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm

IE: BID: Öffne aktuelle Seite - file://c:\program files\bulk image downloader\iemenu\iebid.htm

IE: BID: Öffne diesen &Link - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

Trusted Zone: mydrive.ch\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175} : NameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F} : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\14C4943454D275C414E4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\B4356484 : DhcpNameServer = 172.17.110.9 129.187.5.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\D446E6E6562777F686E6865696D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\E474F5B49425A554E4455474 : DhcpNameServer = 192.168.178.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\j\appdata\roaming\mozilla\firefox\profiles\61hfv95t.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/

FF - prefs.js: network.proxy.ftp - 172.17.1.5

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 172.17.1.5

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 172.17.1.5

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 172.17.1.5

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll

FF - component: c:\programdata\swiss academic software\citavi picker\firefox\components\CitaviPickerNative.dll

FF - component: c:\users\j\appdata\roaming\mozilla\firefox\profiles\61hfv95t.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-2 25968]

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-9-9 28616]

R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2010-9-2 232472]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]

R1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-9-9 40904]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-2 29992]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-2-24 13680]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]

R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2010-9-14 1128008]

R2 AVKService;G Data Scheduler;c:\program files\g data\totalcare\avk\AVKService.exe [2010-9-14 397896]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\g data\totalcare\avk\AVKWCtl.exe [2010-9-14 1251488]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-6-1 41320]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-6-1 65896]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-2-24 93032]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-15 366152]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-6-1 143360]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-2-24 99328]

R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-2-24 64440]

R2 WMCoreService;Mobile Broadband Service;c:\program files\mobile broadband drivers\wmcore\mini_wmcore.exe servicemode --> c:\program files\mobile broadband drivers\wmcore\mini_WMCore.exe servicemode [?]

R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-21 659968]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-9-2 45736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-2 29472]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-6-1 292200]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-7 223960]

R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\drivers\wwanuss.sys [2011-6-1 23592]

R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\drivers\wwanussf.sys [2011-6-1 26152]

R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-9-9 55624]

R3 GDScan;G Data Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2010-9-14 302152]

R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-9-11 35272]

R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2010-9-2 356480]

R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2010-9-2 77864]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-15 22216]

R3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [2011-6-1 361032]

R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\drivers\Mbm3mdfl.sys [2011-6-1 14920]

R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\drivers\Mbm3Mdm.sys [2011-6-1 413768]

R3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-11-23 31848]

R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2010-9-2 24232]

R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-11-24 23152]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\drivers\WwanUsbMp.sys [2011-6-1 238632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-6-1 45496]

S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-9-2 187776]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 G Data Backup Service;G Data Backup Service;c:\program files\g data\totalcare\avkbackup\AVKBackupService.exe [2009-2-25 865352]

S3 G Data Tuner Service;G Data Tuner Service;c:\program files\g data\totalcare\avktuner\AVKTunerService.exe [2009-2-25 918600]

S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2010-9-2 282880]

S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2010-9-2 15104]

S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2010-9-2 15104]

S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2010-9-2 365056]

S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2008-12-16 408960]

S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2010-9-2 25984]

S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2010-9-2 375424]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-10-19 227600]

S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-4-1 21744]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-2 83304]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-11-23 31848]

S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-1-12 125672]

S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2011-6-1 51064]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-12 1343400]

.

=============== Created Last 30 ================

.

2020-01-13 16:15:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-09-17 17:45:10 -------- d-----w- c:\users\j\appdata\roaming\tor

2011-09-11 12:06:55 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-09-05 17:02:34 -------- d-----w- c:\users\j\appdata\roaming\CoSoSys

.

==================== Find3M ====================

.

2011-09-28 11:22:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-19 22:29:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-12 09:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 09:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 09:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: >>UNKNOWN [0x82E4D000]<< >>UNKNOWN [0x89000000]<< >>UNKNOWN [0x891CF000]<< >>UNKNOWN [0x88994000]<< >>UNKNOWN [0x82E16000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x82E8452A] -> \Device\Harddisk0\DR0[0x87F02030]

\Driver\Disk[0x87F01B40] -> IRP_MJ_CREATE -> 0x8900439F

3 [0x8900459E] -> ntkrnlpa!IofCallDriver[0x82E8452A] -> \Device\RobsonImd-0[0x85700028]

\Driver\iaNvStor[0x85AE6F38] -> IRP_MJ_CREATE -> 0x88997C00

kernel: MBR read successfully

_asm { ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 13:15:25,99 ===============


Didn't know if I should attach them or not, so I chose not to. Hope you don't mind?

Thanks in advance for any help you can give.

d4foasta


OK, did it. Here's the log.

When I wanted to run Firefox to post the log I got this error:

C:\...\firefox.exe

An attempt was made to run an unallowable operation on a registry key that was marked for deletion.

(Sorry, I'm German so I had to translate it; maybe the wording on an English Win7 is different...)

After I click on "OK" I am asked if I want to delete the element...

?


  • Staff

Hi,

Don't attach anything. Just copy and paste it into your reply.

Please update MBAM, run a Quick Scan, and post its log. Also post a fresh DDS log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


OK, now... so, here are the logs:


ComboFix 11-10-11.01 - j 11.10.2011 12:56:55.5.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.645 [GMT 2:00]

ausgeführt von:: c:\users\j\Downloads\ComboFix.exe

AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5802\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\auth.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\burnlib.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\CddbLangDE.dll

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\dsp_sps.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\enc_aacplus.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\enc_flac.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\enc_lame.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\enc_vorbis.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\enc_wav.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\enc_wma.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\gen_classicart.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_crasher.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\gen_ff.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_find_on_disk.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_hotkeys.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_jumpex.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_ml.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\gen_nopro.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_orgler.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_skinmanager.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\gen_timerestore.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\gen_tray.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\gen_undo.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_avi.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_cdda.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_dshow.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_flac.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_flv.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_linein.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_midi.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_mkv.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_mod.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_mp3.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_mp4.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_nsv.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_swf.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_vorbis.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_wav.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_wave.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\in_wm.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\in_wv.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_addons.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_autotag.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_bookmarks.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_disc.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_downloads.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_enqplay.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_history.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_impex.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_local.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_nowplaying.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_online.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_orb.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_playlists.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_plg.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_pmp.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\ml_rg.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_transcode.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ml_wire.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\ombrowser.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\out_disk.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\out_ds.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\out_wave.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\playlist.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\pmp_activesync.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\pmp_android.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\pmp_ipod.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\pmp_njb.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\pmp_p4s.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\pmp_usb.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\tagz.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\vis_avs.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\vis_milk2.lng

c:\users\j\AppData\Local\Temp\WLZ2DE2.tmp\vis_nsfs.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\winamp.lng

c:\users\j\AppData\Local\temp\WLZ2DE2.tmp\winampa.lng

.

.

((((((((((((((((((((((( Dateien erstellt von 2011-09-11 bis 2011-10-11 ))))))))))))))))))))))))))))))

.

.

2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-10-11 11:10 . 2011-10-11 11:10 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-10-11 11:10 . 2011-10-11 11:10 -------- d-----w- c:\users\j\AppData\Local\temp

2011-10-11 11:10 . 2011-10-11 11:10 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-10-11 11:10 . 2011-10-11 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-07 17:24 . 2009-06-22 17:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

2011-10-05 12:34 . 2011-10-05 12:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-05 12:34 . 2011-10-05 12:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-09-17 17:45 . 2011-09-17 17:55 -------- d-----w- c:\users\j\AppData\Roaming\tor

2011-09-17 17:44 . 2011-09-17 17:55 -------- d-----w- c:\users\j\AppData\Roaming\Vidalia

2011-09-11 12:06 . 2011-09-11 12:07 -------- d-----w- c:\program files\Microsoft IntelliPoint

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 11:22 . 2011-06-14 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 02:54 . 2011-08-17 09:19 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-17 09:19 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-17 09:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-19 22:29 . 2011-07-19 22:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-07-16 04:27 . 2011-08-17 09:11 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-17 09:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-17 09:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-17 09:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-17 09:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-17 09:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X]

"FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X]

"AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592]

"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]

"TpShocks"="TpShocks.exe" [2010-07-01 337256]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]

"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232]

"ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]

R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]

R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]

R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352]

R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600]

R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880]

R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104]

R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104]

R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056]

R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960]

R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984]

R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600]

R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616]

S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008]

S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896]

S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]

S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]

S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592]

S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152]

S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624]

S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152]

S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272]

S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480]

S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032]

S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920]

S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768]

S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]

.

2011-10-11 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 172.17.1.5:3128

uInternet Settings,ProxyOverride = *.local

IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html

IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm

IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm

IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mydrive.ch\www

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1

FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/

FF - prefs.js: network.proxy.ftp - 172.17.1.5

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 172.17.1.5

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 172.17.1.5

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 172.17.1.5

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-10-11 13:23:34

ComboFix-quarantined-files.txt 2011-10-11 11:23

ComboFix2.txt 2011-10-07 13:59

ComboFix3.txt 2011-02-17 04:07

.

Vor Suchlauf: 17 Verzeichnis(se), 13.942.063.104 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 13.986.041.856 Bytes frei

.

- - End Of File - - A20B1FB9F615950C4C3892744EC6A1C8


Results of screen317's Security Check version 0.99.24

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 25

Java SE Development Kit 6 Update 25

Java DB 10.6.2.1

Out of date Java installed!

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Mozilla Firefox (x86 de..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Datenbank Version: 7947

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

15.10.2011 00:04:00

mbam-log-2011-10-15 (00-03-56).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 196501

Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> No action taken.

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by j at 0:04:34 on 2011-10-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.834 [GMT 2:00]

.

AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\DTS.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Programme\AccessConnections\Prog\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files\G Data\TotalCare\AVK\AVKService.exe

C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe

C:\Programme\AccessConnections\Prog\AcSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

C:\Program Files\Common Files\G Data\GDScan\GDScan.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Programme\AccessConnections\Prog\SvcGuiHlpr.exe

C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe

C:\Programme\AccessConnections\Prog\ACWLIcon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Programme\WWAN\prog\DetwanHw.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 172.17.1.5:3128

uInternet Settings,ProxyOverride = *.local

BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalcare\webfilter\AVKWebIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {609D670F-B735-4da7-AC6D-F3BD358E325E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalcare\webfilter\AVKWebIE.dll

mRun: [AcWin7Hlpr] c:\programme\accessconnections\prog\AcTBenabler.exe

mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe

mRun: [TpShocks] TpShocks.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [iaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [G DATA AntiVirus Trayapplication] c:\program files\g data\totalcare\avktray\AVKTray.exe

mRun: [ACWLIcon] c:\programme\accessconnections\prog\ACWLIcon.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [FingerPrintSoftware] "c:\programme\fingerprint\prog\fpapp.exe" \s

mRun: [FingerPrintSoftwareSplashScreen] "c:\programme\fingerprint\prog\splashscreen.exe" \s

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

uPolicies-explorer: DisallowCpl = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: &Citavi Picker... - file://c:\program files\internet explorer\plugins\citavi picker\ShowContextMenu.html

IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm

IE: BID: Link in Queue einreihen - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm

IE: BID: Seite in &Queue einreihen - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm

IE: BID: Öffne aktuelle Seite - file://c:\program files\bulk image downloader\iemenu\iebid.htm

IE: BID: Öffne diesen &Link - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

Trusted Zone: mydrive.ch\www

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175} : NameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F} : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\14C4943454D275C414E4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\B4356484 : DhcpNameServer = 172.17.110.9 129.187.5.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\D446E6E6562777F686E6865696D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9214888B-F29E-474E-8712-42A1225C7F0F}\E474F5B49425A554E4455474 : DhcpNameServer = 192.168.178.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\j\appdata\roaming\mozilla\firefox\profiles\61hfv95t.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/

FF - prefs.js: network.proxy.ftp - 172.17.1.5

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 172.17.1.5

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 172.17.1.5

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 172.17.1.5

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-2 25968]

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-9-9 28616]

R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2010-9-2 232472]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]

R1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-9-9 40904]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-2 29992]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-2-24 13680]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]

R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2010-9-14 1128008]

R2 AVKService;G Data Scheduler;c:\program files\g data\totalcare\avk\AVKService.exe [2010-9-14 397896]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\g data\totalcare\avk\AVKWCtl.exe [2010-9-14 1251488]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-6-1 41320]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-6-1 65896]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-2-24 93032]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-15 366152]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-6-1 143360]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-2-24 99328]

R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-2-24 64440]

R2 WMCoreService;Mobile Broadband Service;c:\program files\mobile broadband drivers\wmcore\mini_wmcore.exe servicemode --> c:\program files\mobile broadband drivers\wmcore\mini_WMCore.exe servicemode [?]

R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-10-21 659968]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-9-2 45736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-2 29472]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-6-1 292200]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-7 223960]

R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\drivers\wwanuss.sys [2011-6-1 23592]

R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\drivers\wwanussf.sys [2011-6-1 26152]

R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-9-9 55624]

R3 GDScan;G Data Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2010-9-14 302152]

R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-9-11 35272]

R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2010-9-2 356480]

R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2010-9-2 77864]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-15 22216]

R3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [2011-6-1 361032]

R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\drivers\Mbm3mdfl.sys [2011-6-1 14920]

R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\drivers\Mbm3Mdm.sys [2011-6-1 413768]

R3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-11-23 31848]

R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2010-9-2 24232]

R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-11-24 23152]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\drivers\WwanUsbMp.sys [2011-6-1 238632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-6-1 45496]

S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-9-2 187776]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 G Data Backup Service;G Data Backup Service;c:\program files\g data\totalcare\avkbackup\AVKBackupService.exe [2009-2-25 865352]

S3 G Data Tuner Service;G Data Tuner Service;c:\program files\g data\totalcare\avktuner\AVKTunerService.exe [2009-2-25 918600]

S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2010-9-2 282880]

S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2010-9-2 15104]

S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2010-9-2 15104]

S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2010-9-2 365056]

S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2008-12-16 408960]

S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2010-9-2 25984]

S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2010-9-2 375424]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-10-19 227600]

S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-2 83304]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-11-23 31848]

S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-1-12 125672]

S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2011-6-1 51064]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-12 1343400]

.

=============== Created Last 30 ================

.

2020-01-13 16:15:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-10-14 10:00:45 -------- d-----w- c:\program files\ESET

2011-10-12 09:32:04 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 09:32:04 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 09:32:04 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 09:32:04 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 09:32:02 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 11:23:55 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-11 11:23:46 -------- d-----w- c:\users\j\appdata\local\temp

2011-10-07 17:24:50 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

2011-10-05 12:34:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-10-05 12:34:52 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-09-17 17:45:10 -------- d-----w- c:\users\j\appdata\roaming\tor

.

==================== Find3M ====================

.

2011-09-28 11:22:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-19 22:29:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR

.

Disk trace:

kernel: MBR read successfully

_asm { ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; }

user != kernel MBR !!!

.

============= FINISH: 0:10:13,56 ===============



I hope I didn't mess up anything...

Regards

d4foasta


Oh, sorry, I just confused the logfiles. Here's the ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=1548e9ad96fd6b4ba2e2f1193104c212

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2011-10-14 05:05:56

# local_time=2011-10-14 07:05:56 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=4096 16777215 100 0 34384295 34384295 0 0

# compatibility_mode=5893 16776574 100 94 20053249 70231390 0 0

# compatibility_mode=8192 67108863 100 0 13754 13754 0 0

# scanned=313910

# found=0

# cleaned=0

# scan_time=11757


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner

Java™ 6 Update 25

Java™ SE Development Kit 6 Update 25

Java DB 10.6.2.1

Adobe Flash Player (10.3.183.10)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.


Hi...

I didn't reinstall Adobe Flash and Java yet, but ran an AVK scan that found the virus again (I removed it before the restart). I found something strange: as I re-checked whether I had followed all the instructions right, I wasn't able to find the mbr.exe anymore; there was only the following logfile. As far as I know I didn't install Gmer or any Stealth MBR rootkit detector...


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!


  • Staff

Hi,

Update MBAM, run a Quick Scan, and post its log.

Grab a fresh copy of ComboFix, run it, and post its log.

Configure Windows XP to show hidden files:

Navigate to Start --> My Computer.

Select the Tools menu and click Folder Options. Select the View tab.

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

Then, please go to VirusTotal, and upload the following files for analysis:

c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

Post the results in your reply.


Hi,

I hope you don't mind, but I reinstalled Java and Flash as you suggested in your last post.

Here are the VT findings on the two Windows files (I had them reanalysed).

Oh, yeah, and I didn't update MBAM the first time and only thought of it after the ComboFix scan; the MBAM logfile here is from the scan with the updated MBAM that I did after ComboFix. Sorry...


File name:

api-ms-win-core-synch-l1-1-0.dll

Submission date:

2011-10-30 19:52:01 (UTC)

Current status:

finished

Result:

0/43 (0.0%)


File name:

api-ms-win-core-rtlsupport-l1-1-0.dll

Submission date:

2011-10-30 19:58:26 (UTC)

Current status:

finished

Result:

0/43 (0.0%)


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Datenbank Version: 8047

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

30.10.2011 20:51:53

mbam-log-2011-10-30 (20-51-43).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 192567

Laufzeit: 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> No action taken.

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)


ComboFix 11-10-30.03 - j 30.10.2011 20:19:35.6.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.707 [GMT 1:00]

ausgeführt von:: c:\users\j\Downloads\ComboFix.exe

AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5802\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll

.

.

((((((((((((((((((((((( Dateien erstellt von 2011-09-28 bis 2011-10-30 ))))))))))))))))))))))))))))))

.

.

2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-27 15:21 . 2011-10-27 15:21 -------- d-----w- c:\program files\Common Files\Java

2011-10-27 15:20 . 2011-10-27 15:20 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-15 10:53 . 2011-10-15 10:53 -------- d-----w- c:\users\j\AppData\Local\G DATA

2011-10-12 09:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 09:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 09:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 09:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 09:32 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 11:23 . 2011-10-30 19:34 -------- d-----w- c:\users\j\AppData\Local\temp

2011-10-07 17:24 . 2009-06-22 17:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

2011-10-05 12:34 . 2011-10-05 12:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-05 12:34 . 2011-10-05 12:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-27 15:20 . 2010-09-02 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-24 15:14 . 2011-06-14 08:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X]

"FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X]

"AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592]

"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]

"TpShocks"="TpShocks.exe" [2010-07-01 337256]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]

"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232]

"ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]

R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]

R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]

R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352]

R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600]

R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880]

R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104]

R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104]

R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056]

R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960]

R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984]

R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600]

R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616]

S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008]

S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896]

S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]

S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]

S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592]

S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152]

S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624]

S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152]

S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272]

S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480]

S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032]

S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920]

S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768]

S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - PCDSRVC{3037D694-FD904ACA-06020101}_0

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]

.

2011-10-30 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 172.17.1.5:3128

uInternet Settings,ProxyOverride = *.local

IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html

IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm

IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm

IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mydrive.ch\www

TCP: DhcpNameServer = 192.168.1.1 217.0.43.177

TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1

FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/

FF - prefs.js: network.proxy.ftp - 172.17.1.5

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 172.17.1.5

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 172.17.1.5

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 172.17.1.5

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-10-30 20:43:46

ComboFix-quarantined-files.txt 2011-10-30 19:43

ComboFix2.txt 2011-10-11 11:23

.

Vor Suchlauf: 16 Verzeichnis(se), 11.483.394.048 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 11.380.543.488 Bytes frei

.

- - End Of File - - DAF4B94EF861072B2048F74BE1EE01D0


  • 2 weeks later...

Oh, sorry, I forgot to reload the page... embarrassing XD

Just don't mind the last post or delete it; I'm not able to.

OK, how are things running? My AVK still finds the WMADMOE4.dll file with the Win32:MalOb-EI virus. So I think it's still there? I'll remove it and recheck after a restart. Either there is an all-clear within a few minutes or it shows up again.


OK... I just discovered another interesting fact:

Every time the AVK found the virus I clicked "Move to Quarantine". As it seems, AVK didn't move the file to quarantine when I clicked (delete and disinfect didn't work). Obviously the AVK wasn't able to quarantine it. So the reboot didn't always recreate the file.

Sorry that I didn't discover this earlier; maybe it would have spared you some work.

regards

d4foasta


Kay, here it is:


ComboFix 11-11-18.01 - j 18.11.2011 16:12:10.7.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.1034 [GMT 1:00]

ausgeführt von:: c:\users\j\Downloads\ComboFix.exe

AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll

c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll

c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll

c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll

c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll

.

.

((((((((((((((((((((((( Dateien erstellt von 2011-10-18 bis 2011-11-18 ))))))))))))))))))))))))))))))

.

.

2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-14 12:13 . 2011-11-14 12:13 -------- d-----w- c:\users\j\AppData\Roaming\Broken Sword 2.5

2011-11-13 19:35 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-13 19:35 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 19:35 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-13 15:56 . 2011-11-13 15:57 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2011-11-13 15:41 . 2011-11-13 19:45 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-11-02 21:39 . 2011-11-03 20:40 -------- d-----w- c:\users\j\AppData\Roaming\.minecraft

2011-11-02 21:33 . 2011-11-03 17:15 -------- d-----w- c:\programdata\Tunngle

2011-11-02 21:33 . 2011-11-02 21:53 -------- d-----w- c:\users\j\AppData\Roaming\Tunngle

2011-11-02 21:33 . 2009-09-16 07:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys

2011-11-02 21:33 . 2011-11-02 21:35 -------- d-----w- c:\program files\Tunngle

2011-11-01 09:54 . 2011-11-01 09:54 -------- d-----w- c:\users\j\.config

2011-11-01 09:52 . 2011-11-01 09:56 -------- d-----w- c:\users\j\AppData\Local\Mudlet

2011-10-27 15:21 . 2011-10-27 15:21 -------- d-----w- c:\program files\Common Files\Java

2011-10-27 15:20 . 2011-10-27 15:20 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-17 11:29 . 2011-06-14 08:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-27 15:20 . 2010-09-02 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-01 02:35 . 2011-10-12 09:39 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-12 09:39 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-12 09:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 04:26 . 2011-10-12 09:32 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 09:32 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X]

"FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X]

"AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592]

"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]

"TpShocks"="TpShocks.exe" [2010-07-01 337256]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]

"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232]

"ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]

R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]

R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]

R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352]

R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600]

R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880]

R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104]

R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104]

R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056]

R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960]

R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984]

R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600]

R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616]

S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904]

S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008]

S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896]

S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832]

S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]

S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]

S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592]

S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152]

S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624]

S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152]

S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272]

S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480]

S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032]

S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920]

S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768]

S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848]

S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Inhalt des "geplante Tasks" Ordners

.

2011-11-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2011-11-18 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 172.17.1.5:3128

uInternet Settings,ProxyOverride = *.local

IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html

IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm

IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm

IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mydrive.ch\www

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1

FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/

FF - prefs.js: network.proxy.ftp - 172.17.1.5

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 172.17.1.5

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 172.17.1.5

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 172.17.1.5

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-11-18 16:25:36

ComboFix-quarantined-files.txt 2011-11-18 15:25

ComboFix2.txt 2011-10-30 19:43

ComboFix3.txt 2011-10-11 11:23

.

Vor Suchlauf: 6.789.427.200 Bytes frei

Nach Suchlauf: 6.735.130.624 Bytes frei

.

- - End Of File - - 94030A6B0BC2DA7F47714B91CDC5D3D5


  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    WMADMOE4.dll
    :filefind
    WMADMOE4.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Okay, here it is:

SystemLook 30.07.11 by jpshortstuff

Log created at 12:37 on 22/11/2011 by j

Administrator - Elevation successful

========== regfind ==========

Searching for "WMADMOE4.dll"

No data found.

========== filefind ==========

Searching for "WMADMOE4.dll"

C:\Windows\System32\WMADMOE4.dll -rahs-- 120832 bytes [11:11 11/01/2011] [11:11 11/01/2011] (Unable to calculate MD5)

-= EOF =-

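A scripted counterpart to the :regfind/:filefind lookup the staff post asks for and to the "-rahs--" / "Unable to calculate MD5" result above, written as an added example that is not part of the thread and not SystemLook's own code: it searches the registry and System32 for the file name, decodes the attributes, attempts a hash, and checks the Authenticode signature. The function names are my own; only the file name comes from the thread, and it assumes an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the thread or from SystemLook/ComboFix): a PowerShell
# equivalent of SystemLook's ":regfind" and ":filefind" steps, plus the checks a
# responder wants next. Run from an elevated prompt; PowerShell 2.0 compatible.
$Name = 'WMADMOE4.dll'   # file name taken from the thread

function Find-FileReferencesInRegistry {
    # ":regfind" equivalent: walk the hive roots and report every key name, value
    # name or value data containing the pattern. Loader-related keys (Run, AppInit_DLLs,
    # svchost groups, shell extensions) are where a DLL that comes back after every
    # reboot is usually referenced.
    param([string]$Pattern)
    $roots = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\SOFTWARE'
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -like "*$Pattern*") {
                New-Object PSObject -Property @{ Key = $key.Name; ValueName = ''; Data = '(key name)' }
            }
            foreach ($vn in $key.GetValueNames()) {
                # REG_MULTI_SZ comes back as string[]; the cast joins it for matching.
                $data = [string]($key.GetValue($vn))
                if ($vn -like "*$Pattern*" -or $data -like "*$Pattern*") {
                    New-Object PSObject -Property @{ Key = $key.Name; ValueName = $vn; Data = $data }
                }
            }
        }
    }
}

function Get-FileTriage {
    # ":filefind" equivalent for one directory tree: find the file (hidden and system
    # files included), decode its attributes, try to hash it and check its signature.
    # A file that cannot be opened for reading (SystemLook's "Unable to calculate MD5")
    # is reported as unreadable rather than skipped; that state is itself a finding.
    param([string]$Pattern, [string]$Root = "$env:SystemRoot\System32")
    Get-ChildItem -Path $Root -Filter $Pattern -Recurse -Force -ErrorAction SilentlyContinue |
      Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $f = $_
        $attrText = $f.Attributes.ToString()
        $sha = 'n/a'
        try {
            # Share mode ReadWrite: a loaded DLL can normally still be read this way.
            $stream = [System.IO.File]::Open($f.FullName, 'Open', 'Read', 'ReadWrite')
            try {
                $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream)
                $sha = ([BitConverter]::ToString($hash)) -replace '-', ''
            } finally { $stream.Close() }
        } catch {
            $sha = "unreadable: $($_.Exception.Message)"
        }
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
        $sigStatus = 'n/a'
        if ($sig) { $sigStatus = $sig.Status.ToString() }
        # Hidden + System on an unsigned DLL in System32 is the combination seen in the
        # thread's SystemLook output ("-rahs--"); flag it explicitly.
        $suspicious = ($attrText -match 'Hidden') -and ($attrText -match 'System') -and
                      ($sigStatus -ne 'Valid')
        New-Object PSObject -Property @{
            Path       = $f.FullName
            Size       = $f.Length
            Attributes = $attrText
            CreatedUtc = $f.CreationTimeUtc
            ModifiedUtc = $f.LastWriteTimeUtc
            SHA256     = $sha
            Signature  = $sigStatus
            Suspicious = $suspicious
        }
    }
}

Write-Host "=== regfind: $Name ==="
Find-FileReferencesInRegistry -Pattern $Name | Format-Table Key, ValueName, Data -AutoSize
Write-Host "=== filefind: $Name ==="
Get-FileTriage -Pattern $Name | Format-List Path, Size, Attributes, CreatedUtc, ModifiedUtc, SHA256, Signature, Suspicious
```

SystemLook's filefind walks every fixed drive; pass `-Root 'C:\'` to Get-FileTriage for the same coverage at the cost of a much longer run. A DLL in System32 that is Hidden+System, unsigned and cannot even be opened for reading from an elevated prompt is exactly the kind of file worth submitting for analysis, as the staff ask for next.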

  • Staff

Hi,

Please zip up this file to your next reply:

C:\Windows\System32\WMADMOE4.dll

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=96469
Collect::
C:\Windows\System32\WMADMOE4.dll

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
