d4foasta

The WOT-Link doesn't work, but i found all i needed about it on wikipedia . Thanks for the Help and the tips.

okay, Sorry XD forgot the Forum-Language what i expressed so eloquently, but in german is: I followed your advice to the letter and wasn't able to find anything. Well, i wasn't able to find anything wrong apart from the File the AVK objected against before, so what i can say now is that the offending file doesn't reappear again. I can't find any other symptoms. As far as i can evaluate it, the problem is solved, although I would have liked to send you the WMADMOE4.dll. I'll remember to quarantine any corrupted file i'll stumble from now on. Thanks a lot an a happy new year to you all, d4foasta

In Ordnung, hab alles erledigt und nochmal den AVK drüberlaufen lassen - ich kann nichts mehr feststellen (ein bestimmtes Symptom ausser dem regelmäßigen Virenfund durch den AVK gabs auch vorher nicht). Insofern denk ich mal, ist das Problem jetzt auch beseitigt, auch wenn ich euch gerne die Virusdatei zukommen lassen hätte. In Zukunft werde ich darauf achten, derartige Dateien nur noch in die Quarantäne zu stecken. Vielen Dank und ein gutes neues Jahr, d4foasta

ok, now i'm done (at last). I did the ESET twice, because the log looked like this and the first time i thought it might be because i did sth wrong: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK Results of screen317's Security Check version 0.99.30 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: SUPERAntiSpyware CCleaner Java 6 Update 29 Java version out of date! Adobe Flash Player 11.1.102.55 Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox (9.0.1) ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````

aye, sorry, don't worry. I'm still with you. I just didn't have the time yet. I'll give the requested Infos soon

You don't understand. As far as i can see, AVK deleted the File in C:\Qoobox\Quarantine\C\Windows\System32\ Is there a copy of it anywhere?

NOOoooooo.... I'm so sorry. I thought, AVK had the File quarantined. I wasn't able to find it now, so i looked up the Log-File of AVK. There, it says: Beim Öffnen der Datei "C:\Qoobox\Quarantine\C\Windows\System32\WMADMOE4.dll.vir" wurde der Virus "Win32:MalOb-EI [Cryp] (Engine B)" entdeckt. Datei gelöscht. (Translated: While opening "C:\Qoobox\Quarantine\C\Windows\System32\WMADMOE4.dll.vir" AVK found the Virus "Win32:MalOb-EI [Cryp] (Engine B)". File deleted.) Can i restore it somehow? I'd really like to give the file to you so you can help some others....

hmm... if i want to zip it, my AVK speaks up. Is it save to zip the WMADMOE4.dll with WinRar (is it adviseable to switch the AVKguard off?)? regards

hi... i have a Problem... (or not anymore?). I can't attach the WMADMOE4.dll, because i can't find it anymore, neither can the AVK. I don't know where ComboFix saved the zip-File. I restarted the System and it's still not there. So... is this fixed now or did it just vanish from sight? regards d4foasta ComboFix 11-11-26.04 - j 27.11.2011 13:39:55.8.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.1038 [GMT 1:00] ausgeführt von:: c:\users\j\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\j\Desktop\CFScript.txt AV: G Data TotalCare 2010 *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . file zipped: c:\windows\System32\WMADMOE4.dll . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll c:\windows\System32\WMADMOE4.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-27 bis 2011-11-27 )))))))))))))))))))))))))))))) . . 2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-11-27 12:50 . 2011-11-27 13:05 -------- d-----w- c:\users\j\AppData\Local\temp 2011-11-27 12:50 . 2011-11-27 12:50 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-11-27 12:50 . 2011-11-27 12:50 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-11-27 12:50 . 2011-11-27 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-24 15:03 . 2011-11-24 15:03 -------- d-----w- c:\users\j\AppData\Roaming\RealWorld 2011-11-24 15:03 . 2011-11-24 15:03 -------- d-----w- c:\program files\RealWorld Icon Editor 2011-11-24 12:06 . 2011-11-24 12:06 -------- d-----w- c:\program files\LinkShellExtension 2011-11-14 12:13 . 2011-11-14 12:13 -------- d-----w- c:\users\j\AppData\Roaming\Broken Sword 2.5 2011-11-13 19:35 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-13 19:35 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys 2011-11-13 19:35 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-13 15:56 . 2011-11-13 15:57 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2011-11-13 15:41 . 2011-11-13 19:45 -------- d-----w- c:\programdata\Blizzard Entertainment 2011-11-02 21:39 . 2011-11-03 20:40 -------- d-----w- c:\users\j\AppData\Roaming\.minecraft 2011-11-02 21:33 . 2011-11-03 17:15 -------- d-----w- c:\programdata\Tunngle 2011-11-02 21:33 . 2011-11-02 21:53 -------- d-----w- c:\users\j\AppData\Roaming\Tunngle 2011-11-02 21:33 . 2009-09-16 07:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2011-11-02 21:33 . 2011-11-02 21:35 -------- d-----w- c:\program files\Tunngle 2011-11-01 09:54 . 2011-11-01 09:54 -------- d-----w- c:\users\j\.config 2011-11-01 09:52 . 2011-11-01 09:56 -------- d-----w- c:\users\j\AppData\Local\Mudlet . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-17 11:29 . 2011-06-14 08:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-27 15:20 . 2010-09-02 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-01 02:35 . 2011-10-12 09:39 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 02:28 . 2011-10-12 09:39 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 02:22 . 2011-10-12 09:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-08-13 10:13 374984 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-08-13 10:13 374984 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-08-13 10:13 374984 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X] "AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592] "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632] "TpShocks"="TpShocks.exe" [2010-07-01 337256] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232] "ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisallowCpl"= 1 (0x1) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] 2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496] R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496] R3 CFcatchme;CFcatchme;c:\users\j\AppData\Local\Temp\CFcatchme.sys [x] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200] R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352] R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600] R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880] R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104] R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104] R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056] R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960] R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984] R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600] R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616] S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008] S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440] S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832] S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152] S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152] S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272] S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480] S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032] S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920] S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768] S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhalt des "geplante Tasks" Ordners . 2011-11-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . 2011-11-27 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 172.17.1.5:3128 uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Trusted Zone: mydrive.ch\www TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1 FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\ FF - prefs.js: browser.search.selectedEngine - Ixquick FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/ FF - prefs.js: network.proxy.ftp - 172.17.1.5 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - 172.17.1.5 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 172.17.1.5 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 172.17.1.5 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - user.js: capability.policy.policynames - allowclipboard FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5368) c:\program files\LinkShellExtension\RockallDLL.dll c:\program files\G DATA\TotalCare\Shredder\Reisswlf.dll c:\program files\ThinkPad\Bluetooth Software\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\programme\AccessConnections\Prog\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ThinkPad\Bluetooth Software\btwdins.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe c:\programme\AccessConnections\Prog\AcSvc.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\wbem\unsecapp.exe c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe c:\windows\system32\taskhost.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-11-27 14:11:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-11-27 13:11 ComboFix2.txt 2011-11-18 15:25 ComboFix3.txt 2011-10-30 19:43 ComboFix4.txt 2011-10-11 11:23 . Vor Suchlauf: 1.171.939.328 Bytes frei Nach Suchlauf: 868.954.112 Bytes frei . - - End Of File - - 3998E6DE1A30E0EF9CAD54BF40733C00

Okay, here it is: SystemLook 30.07.11 by jpshortstuff Log created at 12:37 on 22/11/2011 by j Administrator - Elevation successful ========== regfind ========== Searching for "WMADMOE4.dll" No data found. ========== filefind ========== Searching for "WMADMOE4.dll" C:\Windows\System32\WMADMOE4.dll -rahs-- 120832 bytes [11:11 11/01/2011] [11:11 11/01/2011] (Unable to calculate MD5) -= EOF =-

Kay, here it is: ComboFix 11-11-18.01 - j 18.11.2011 16:12:10.7.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.1034 [GMT 1:00] ausgeführt von:: c:\users\j\Downloads\ComboFix.exe AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-18 bis 2011-11-18 )))))))))))))))))))))))))))))) . . 2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-11-18 15:21 . 2011-11-18 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-14 12:13 . 2011-11-14 12:13 -------- d-----w- c:\users\j\AppData\Roaming\Broken Sword 2.5 2011-11-13 19:35 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-13 19:35 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys 2011-11-13 19:35 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-13 15:56 . 2011-11-13 15:57 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2011-11-13 15:41 . 2011-11-13 19:45 -------- d-----w- c:\programdata\Blizzard Entertainment 2011-11-02 21:39 . 2011-11-03 20:40 -------- d-----w- c:\users\j\AppData\Roaming\.minecraft 2011-11-02 21:33 . 2011-11-03 17:15 -------- d-----w- c:\programdata\Tunngle 2011-11-02 21:33 . 2011-11-02 21:53 -------- d-----w- c:\users\j\AppData\Roaming\Tunngle 2011-11-02 21:33 . 2009-09-16 07:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2011-11-02 21:33 . 2011-11-02 21:35 -------- d-----w- c:\program files\Tunngle 2011-11-01 09:54 . 2011-11-01 09:54 -------- d-----w- c:\users\j\.config 2011-11-01 09:52 . 2011-11-01 09:56 -------- d-----w- c:\users\j\AppData\Local\Mudlet 2011-10-27 15:21 . 2011-10-27 15:21 -------- d-----w- c:\program files\Common Files\Java 2011-10-27 15:20 . 2011-10-27 15:20 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-17 11:29 . 2011-06-14 08:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-27 15:20 . 2010-09-02 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-01 02:35 . 2011-10-12 09:39 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 02:28 . 2011-10-12 09:39 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 02:22 . 2011-10-12 09:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-27 04:26 . 2011-10-12 09:32 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 04:26 . 2011-10-12 09:32 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X] "AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592] "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632] "TpShocks"="TpShocks.exe" [2010-07-01 337256] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232] "ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisallowCpl"= 1 (0x1) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] 2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360] R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496] R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352] R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600] R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880] R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104] R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104] R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056] R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960] R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984] R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600] R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616] S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008] S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440] S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832] S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152] S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152] S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272] S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480] S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032] S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920] S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768] S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhalt des "geplante Tasks" Ordners . 2011-11-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . 2011-11-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 172.17.1.5:3128 uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Trusted Zone: mydrive.ch\www TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1 FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\ FF - prefs.js: browser.search.selectedEngine - Ixquick FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/ FF - prefs.js: network.proxy.ftp - 172.17.1.5 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - 172.17.1.5 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 172.17.1.5 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 172.17.1.5 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - user.js: capability.policy.policynames - allowclipboard FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 . CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-11-18 16:25:36 ComboFix-quarantined-files.txt 2011-11-18 15:25 ComboFix2.txt 2011-10-30 19:43 ComboFix3.txt 2011-10-11 11:23 . Vor Suchlauf: 6.789.427.200 Bytes frei Nach Suchlauf: 6.735.130.624 Bytes frei . - - End Of File - - 94030A6B0BC2DA7F47714B91CDC5D3D5

ok... i just discovered another interesting fact: Everytime the AVK found the Virus i clicked "Move to Quarantine". As it seems, AVK didn't move the file to quarantine as i clicked (delete and desinfect didn't work). Obviously the AVK wasn't able to quarantine it. So the reboot didn't always recreate the File. Sorry that i didn't discover this earlier, maybe it would have spared you some work. regards d4foasta

oh, sorry - i forgot to reload the page... embarrassing XD just don't mind the last post or delete it, i'm not able to. Ok, how are things running? My AVK still finds the WMADMOE4.dll-File with the Win32:MalOb-Ei-Virus. So i think it's still there? I'll remove it and recheck after a restart. Either there is a all-clear within a few minutes or it showed up again.

Hi, i hope you don't mind, but i reinstalled java and flash as you suggested with your last post. Here are the VT findings on the two Windows-Files (i had them reanalysed). Oh, yeah, and i didn't update MBAM the first time and only thought of it after the ComboFix-Scan, the MBAM-Logfile here is from the Scan with the updated MBAM i did after the ComboFix. Sry... File name: api-ms-win-core-synch-l1-1-0.dll Submission date: 2011-10-30 19:52:01 (UTC) Current status: finished Result: 0 /43 (0.0%) File name: api-ms-win-core-rtlsupport-l1-1-0.dll Submission date: 2011-10-30 19:58:26 (UTC) Current status: finished Result: 0/ 43 (0.0%) Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8047 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 30.10.2011 20:51:53 mbam-log-2011-10-30 (20-51-43).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 192567 Laufzeit: 3 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ComboFix 11-10-30.03 - j 30.10.2011 20:19:35.6.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.707 [GMT 1:00] ausgeführt von:: c:\users\j\Downloads\ComboFix.exe AV: G Data TotalCare 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5802\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-28 bis 2011-10-30 )))))))))))))))))))))))))))))) . . 2020-01-13 16:15 . 2020-01-13 16:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-10-30 19:34 . 2011-10-30 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-27 15:21 . 2011-10-27 15:21 -------- d-----w- c:\program files\Common Files\Java 2011-10-27 15:20 . 2011-10-27 15:20 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-10-15 10:53 . 2011-10-15 10:53 -------- d-----w- c:\users\j\AppData\Local\G DATA 2011-10-12 09:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 09:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 09:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 09:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 09:32 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-11 11:23 . 2011-10-30 19:34 -------- d-----w- c:\users\j\AppData\Local\temp 2011-10-07 17:24 . 2009-06-22 17:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-10-05 12:34 . 2011-10-05 12:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-10-05 12:34 . 2011-10-05 12:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-27 15:20 . 2010-09-02 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-24 15:14 . 2011-06-14 08:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-31 15:00 . 2011-02-15 16:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-05 12:34 . 2011-03-24 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\programme\Fingerprint\prog\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\programme\Fingerprint\prog\SplashScreen.exe \s" [X] "AcWin7Hlpr"="c:\programme\AccessConnections\Prog\AcTBenabler.exe" [2011-04-14 31592] "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-13 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-13 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-13 170520] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632] "TpShocks"="TpShocks.exe" [2010-07-01 337256] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232] "ACWLIcon"="c:\programme\AccessConnections\Prog\ACWLIcon.exe" [2011-04-14 193896] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisallowCpl"= 1 (0x1) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] 2010-11-29 15:32 69560 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360] R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496] R3 G Data Backup Service;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352] R3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600] R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880] R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-12-16 15104] R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104] R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-12-16 365056] R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960] R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984] R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 227600] R3 NETw5s32;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-10-14 51064] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-09-14 28616] S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2010-09-14 40904] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-02 29992] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2009-12-07 1128008] S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2009-08-08 397896] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-11-25 1251488] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440] S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2010-02-23 23592] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2010-02-23 26152] S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-09-15 55624] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2009-11-26 302152] S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-09-15 35272] S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480] S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 361032] S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 14920] S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 413768] S3 NETwNs32;___ Intel® Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-11-17 31848] S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-02-08 238632] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PCDSRVC{3037D694-FD904ACA-06020101}_0 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhalt des "geplante Tasks" Ordners . 2011-10-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04] . 2011-10-30 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 172.17.1.5:3128 uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Trusted Zone: mydrive.ch\www TCP: DhcpNameServer = 192.168.1.1 217.0.43.177 TCP: Interfaces\{5A85CDCD-5F9A-4653-A912-DD63342F5175}: NameServer = 192.168.1.1 FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\61hfv95t.default\ FF - prefs.js: browser.search.selectedEngine - Ixquick FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/ FF - prefs.js: network.proxy.ftp - 172.17.1.5 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - 172.17.1.5 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 172.17.1.5 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 172.17.1.5 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - user.js: capability.policy.policynames - allowclipboard FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.alpenverein-muenchen-oberland.de/jugend/gruppen/uebersicht/bergtrolle FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 . CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-10-30 20:43:46 ComboFix-quarantined-files.txt 2011-10-30 19:43 ComboFix2.txt 2011-10-11 11:23 . Vor Suchlauf: 16 Verzeichnis(se), 11.483.394.048 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 11.380.543.488 Bytes frei . - - End Of File - - DAF4B94EF861072B2048F74BE1EE01D0

Hi... i didn't reinstall AdobeFlash and Java yet, but ran scan that found a avk-scan, that found the virus again (i removed it bevore the restart). I found something strange: As i re-checked if i did all the Instructions right i wasn't able to find the mbr.exe anymore - there only was this following logfile. As far as i know i didn't install Gmer or any Stealth MBR rootkit... Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 CreateFile("\\.\PHYSICALDRIVE1"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!!