
Pests of all kinds and how to fight them: File C:\Windows\System32\services.exe infected: W32/Patched.UB, Patched.UA, Patched.ZA

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

17.07.2012, 13:47   #1
lilaitz
 
File C:\Windows\System32\services.exe infected: W32/Patched.UB, Patched.UA, Patched.ZA



Hello everyone,

I use Avira Free AntiVirus. It reports the above-mentioned malware. Avira itself cannot remove it or move it to quarantine.

Following guides for similar problems, I ran a few scans:
A scan with Malwarebytes Anti-Malware reported "0 infected files".
The HijackThis log file is attached.

Apart from the constant Avira alerts, a website with games has opened several times.

Many thanks for your help!

Regards
lilaitz
Attached files
File type: txt hijackthis.txt (6.8 KB, viewed 189 times)

Last edited by lilaitz (17.07.2012 at 14:15)

17.07.2012, 14:05   #2
lilaitz
 
File C:\Windows\System32\services.exe infected: W32/Patched.UB, Patched.UA, Patched.ZA



Here is also the log file of the OTL scan:
Unfortunately it is too large and cannot be uploaded.
OTL Logfile:
Code:
OTL logfile created on: 17.07.2012 13:41:27 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\username\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,42 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 46,96% Memory free
6,83 Gb Paging File | 4,22 Gb Available in Paging File | 61,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,89 Gb Total Space | 24,10 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Drive E: | 148,10 Gb Total Space | 147,82 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: H-BRS | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 13:57:11 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.11 12:19:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
PRC - [2012.07.07 05:44:08 | 000,428,768 | ---- | M] (hxxp://code.google.com/p/TortoiseGit) -- C:\Programme\TortoiseGit\bin\TGitCache.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.29 18:39:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.06.26 19:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.06.20 11:38:38 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.05.08 21:48:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:48:31 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.05.08 21:48:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:48:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:48:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.25 19:35:02 | 000,055,296 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.01 11:46:40 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2011.06.29 10:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () -- C:\Programme\gateProtect\VPN Client\bin\Service.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2009.07.14 03:14:36 | 000,259,072 | R--- | M] () -- C:\Windows\System32\services.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 09:27:25 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.07.16 09:27:24 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.07.12 13:57:11 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.07 05:44:40 | 000,072,416 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll
MOD - [2012.07.07 05:44:30 | 000,333,024 | ---- | M] () -- C:\Programme\TortoiseGit\bin\libgit232.dll
MOD - [2012.06.29 18:39:34 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.29 13:38:04 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.29 13:38:03 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.06.20 11:38:40 | 001,977,312 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.06.20 11:38:40 | 000,162,784 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.06.20 11:38:40 | 000,021,984 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011.08.25 19:35:02 | 000,055,296 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
MOD - [2011.08.25 19:34:06 | 000,039,424 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
MOD - [2011.08.25 19:34:06 | 000,006,656 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
MOD - [2011.08.25 19:34:00 | 000,010,240 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
MOD - [2011.08.25 19:33:58 | 000,061,440 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
MOD - [2011.08.25 19:33:38 | 000,007,680 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
MOD - [2011.08.25 19:32:48 | 000,019,968 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2011.08.19 01:44:10 | 000,005,632 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
MOD - [2011.07.01 11:46:40 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.07 04:07:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.03.02 17:18:28 | 000,656,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\gpgex.dll
MOD - [2011.02.27 10:12:56 | 000,110,080 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
MOD - [2011.02.26 11:33:20 | 000,167,424 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
MOD - [2011.02.26 11:33:14 | 000,096,768 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
MOD - [2011.02.26 11:32:28 | 000,035,840 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
MOD - [2011.02.26 11:31:48 | 000,017,408 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
MOD - [2010.08.24 18:48:54 | 000,011,776 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\select.pyd
MOD - [2010.08.24 18:48:52 | 000,286,208 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
MOD - [2010.08.24 18:48:48 | 000,153,088 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
MOD - [2010.08.24 18:48:16 | 000,073,728 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
MOD - [2010.08.24 18:48:02 | 000,720,896 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
MOD - [2010.08.24 18:47:50 | 000,040,448 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.12 13:57:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.29 18:39:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:48:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:48:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.29 23:13:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.29 10:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Programme\gateProtect\VPN Client\bin\Service.exe -- (GPVPNService)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:48:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:48:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 01:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.08.04 02:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.20 09:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.01 11:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.06.21 08:50:42 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2011.06.21 08:50:42 | 000,017,920 | ---- | M] (Xilinx, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb_xp2.sys -- (XilinxFirmwarePusb2Loader)
DRV - [2011.06.21 08:50:42 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2011.03.18 23:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.01.18 18:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.jzip.com/
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7B 07 9D B2 76 CC 01  [binary data]
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes,DefaultScope = {848C3FF2-C933-42F4-B977-2AEEFCDFBED4}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{848C3FF2-C933-42F4-B977-2AEEFCDFBED4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/webhp?hl=de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 18:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 23:21:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 11:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 18:39:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 23:21:37 | 000,000,000 | ---D | M]
 
[2011.09.23 10:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.16 12:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\ebkc64cb.default\extensions
[2012.06.29 13:22:01 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\ebkc64cb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.19 13:07:15 | 000,002,497 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\ebkc64cb.default\searchplugins\SearchResults.xml
[2012.01.24 13:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.13 12:20:24 | 000,007,990 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\POWER-DEBUGGER_SELENIUM-IDE@SAMIT.BADLE.XPI
[2012.04.26 17:32:23 | 000,021,258 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\SELENIUM_IDE_BUTTONS@EGARRACINGTEAM.COM.AR.XPI
[2012.06.13 12:20:25 | 000,016,283 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\SELENIUM-EXPERT_SELENIUM-IDE@SAMIT.BADLE.XPI
[2012.06.29 18:39:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.24 13:09:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 13:09:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 13:09:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.24 13:09:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.19 13:07:15 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.24 13:09:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 13:09:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.17 11:28:00 | 000,000,994 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.94.0.1	client.openvpn.net
O1 - Hosts: 127.94.0.2	openvpn-client.us.shieldexchange.com
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.95.66.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5173053F-2E01-4ECB-B4F5-A0B847FCE7D6}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700CE3F2-5C2A-4175-95C7-8FC9CFB9AD76}: DhcpNameServer = 194.95.66.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACA5E565-955F-4BA6-8C51-D952C3560E68}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE78BFF2-B5CD-46A5-B5F6-378062360E00}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{215176ed-2efd-11e1-9a8c-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{215176ed-2efd-11e1-9a8c-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{908de51e-0a2a-11e1-b462-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{908de51e-0a2a-11e1-b462-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d52e9dc1-0a46-11e1-818d-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{d52e9dc1-0a46-11e1-818d-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec37febc-08bc-11e1-bec4-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{ec37febc-08bc-11e1-bec4-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec37ff4d-08bc-11e1-bec4-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{ec37ff4d-08bc-11e1-bec4-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{faadcc94-e24d-11e0-b1d7-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{faadcc94-e24d-11e0-b1d7-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\start.exe /auto
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2012.07.17 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\elsterformular
[2012.07.17 09:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.17 09:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.17 09:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.07.16 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Cybersecurity
[2012.07.14 21:17:30 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay1 2012
[2012.07.14 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay2 2012
[2012.07.14 21:17:18 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay 2012korea
[2012.07.14 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\rika@huenerbach.de
[2012.07.12 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012.07.12 23:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.12 23:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.07.11 15:48:29 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 13:26:53 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\username\Desktop\BlitzBlank.exe
[2012.07.11 12:19:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
[2012.07.11 10:25:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 10:25:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 10:25:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\gitRep
[2012.07.10 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\username\.ssh
[2012.07.09 12:49:50 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\TGitCache
[2012.07.09 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\username\GitRep
[2012.07.09 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
[2012.07.09 11:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2012.07.09 11:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2012.07.09 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.07.09 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2012.07.09 11:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2012.07.09 11:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2012.07.05 23:51:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.04 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Implementierung Tests
[2012.06.29 18:37:57 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2012.06.29 18:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 18:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.29 18:37:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 18:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.29 13:37:51 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.29 13:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.29 13:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.29 13:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.29 13:22:10 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\QuickScan
[2012.06.27 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Projekt
[2012.06.21 19:35:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 19:35:21 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 19:34:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 19:34:53 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 19:34:53 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 19:34:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 19:34:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.15 11:28:44 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Macromedia
[2012.06.14 14:48:09 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.14 14:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 14:48:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 14:48:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 14:48:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 14:48:00 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.14 14:48:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.14 14:48:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modelsim PE 10.0c
[2012.06.13 14:39:17 | 000,000,000 | ---D | C] -- C:\modeltech_pe_10.0c
[2012.06.13 14:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mentor Graphics
[2012.06.13 14:37:55 | 000,000,000 | ---D | C] -- C:\MentorGraphics
[2012.06.07 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.07 14:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.07 14:49:19 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Google
[2012.05.31 15:03:25 | 000,978,432 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\System32\libiconv2.dll
[2012.05.21 23:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.21 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.05.21 23:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.12 09:54:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 09:54:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 09:53:57 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.05 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\MiKTeX
[2012.05.05 16:04:10 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\MiKTeX
[2012.05.05 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.05.05 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Texmaker
[2012.05.05 15:49:26 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.05.05 15:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012.05.05 00:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.05.05 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.05.04 23:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.05.03 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 09:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.18 20:56:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012.04.18 20:56:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files - Modified Within 90 Days ==========
 
[2012.07.17 13:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 13:54:04 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 13:10:29 | 000,000,600 | ---- | M] () -- C:\Users\username\AppData\Local\PUTTY.RND
[2012.07.17 10:15:49 | 000,050,461 | ---- | M] () -- C:\Users\username\Desktop\Ausschreibung_wissenschaftliche_Begegnungen.pdf
[2012.07.17 09:35:09 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.16 23:36:32 | 000,762,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.16 23:36:32 | 000,717,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.16 23:36:32 | 000,172,536 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.16 23:36:32 | 000,145,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 23:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 15:04:38 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 12:49:10 | 000,120,141 | ---- | M] () -- C:\Users\username\Desktop\CPC_2013_special_Flajolet_issue_CFP.pdf
[2012.07.16 12:32:14 | 000,000,516 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.16 09:33:48 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:33:48 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:25:09 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.07.16 09:24:25 | 2750,337,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 23:24:29 | 000,065,263 | ---- | M] () -- C:\Users\username\Desktop\gesis.pdf
[2012.07.13 23:24:23 | 000,032,524 | ---- | M] () -- C:\Users\username\Desktop\gesis.odt
[2012.07.13 23:10:37 | 000,312,258 | ---- | M] () -- C:\Users\username\Desktop\Lebenslauf_Deutsch.pdf
[2012.07.13 06:03:48 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 23:14:21 | 000,001,047 | ---- | M] () -- C:\Users\username\Desktop\Kaspersky Security Scan.lnk
[2012.07.12 13:57:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 13:57:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.11 17:28:06 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 15:37:10 | 000,000,218 | ---- | M] () -- C:\Users\username\.recently-used.xbel
[2012.07.11 13:30:39 | 000,751,104 | ---- | M] () -- C:\Users\username\Desktop\zoek.exe
[2012.07.11 13:26:55 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\username\Desktop\BlitzBlank.exe
[2012.07.11 13:26:12 | 000,000,080 | ---- | M] () -- C:\Fix.bat
[2012.07.11 12:19:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
[2012.07.10 14:16:58 | 000,000,006 | ---- | M] () -- C:\Users\username\.gitconfig
[2012.07.09 11:12:06 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\Git Bash.lnk
[2012.07.06 19:43:19 | 003,478,087 | ---- | M] () -- C:\Users\username\Desktop\GlitchFreeFPGA-HOST12.pdf
[2012.07.06 19:41:54 | 000,024,858 | ---- | M] () -- C:\Users\username\Desktop\sboxmaskcorr15stageInvENBuff.v
[2012.07.04 15:13:22 | 002,002,342 | ---- | M] () -- C:\Users\username\Desktop\27I8-IJAET0805831-FPGA-IMPLEMENTATIONS.pdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 23:12:32 | 000,456,895 | ---- | M] () -- C:\Users\username\Desktop\findform.pdf
[2012.06.29 13:37:45 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.17 14:45:25 | 000,138,236 | ---- | M] () -- C:\Users\username\Desktop\gedicht.pdf
[2012.06.12 04:40:48 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.06.05 13:54:13 | 000,282,956 | ---- | M] () -- C:\Users\username\Desktop\MMTT.pdf
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.05.18 14:17:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.05.15 05:00:45 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.08 21:48:32 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 21:48:32 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.26 06:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.04.26 06:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.04.26 06:41:16 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.04.20 07:00:27 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.20 06:57:39 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.20 06:56:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.20 05:16:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.18 20:56:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012.04.18 20:56:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2012.07.17 10:15:33 | 000,050,461 | ---- | C] () -- C:\Users\username\Desktop\Ausschreibung_wissenschaftliche_Begegnungen.pdf
[2012.07.17 09:35:09 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.16 20:45:42 | 000,556,333 | ---- | C] () -- C:\Users\username\Desktop\enlnff.pdf
[2012.07.16 12:48:41 | 000,120,141 | ---- | C] () -- C:\Users\username\Desktop\CPC_2013_special_Flajolet_issue_CFP.pdf
[2012.07.15 10:29:35 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.07.13 23:11:56 | 000,312,258 | ---- | C] () -- C:\Users\username\Desktop\Lebenslauf_Deutsch.pdf
[2012.07.13 22:24:20 | 000,065,263 | ---- | C] () -- C:\Users\username\Desktop\gesis.pdf
[2012.07.13 22:24:15 | 000,032,524 | ---- | C] () -- C:\Users\username\Desktop\gesis.odt
[2012.07.12 23:14:37 | 000,001,047 | ---- | C] () -- C:\Users\username\Desktop\Kaspersky Security Scan.lnk
[2012.07.11 15:37:10 | 000,000,218 | ---- | C] () -- C:\Users\username\.recently-used.xbel
[2012.07.11 13:30:37 | 000,751,104 | ---- | C] () -- C:\Users\username\Desktop\zoek.exe
[2012.07.11 13:26:38 | 000,000,080 | ---- | C] () -- C:\Fix.bat
[2012.07.10 14:16:58 | 000,000,006 | ---- | C] () -- C:\Users\username\.gitconfig
[2012.07.09 12:36:40 | 000,000,600 | ---- | C] () -- C:\Users\username\AppData\Local\PUTTY.RND
[2012.07.09 11:12:06 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\Git Bash.lnk
[2012.07.06 19:43:19 | 003,478,087 | ---- | C] () -- C:\Users\username\Desktop\GlitchFreeFPGA-HOST12.pdf
[2012.07.06 19:41:54 | 000,024,858 | ---- | C] () -- C:\Users\username\Desktop\sboxmaskcorr15stageInvENBuff.v
[2012.07.04 15:13:22 | 002,002,342 | ---- | C] () -- C:\Users\username\Desktop\27I8-IJAET0805831-FPGA-IMPLEMENTATIONS.pdf
[2012.07.04 14:46:25 | 017,573,442 | ---- | C] () -- C:\Users\username\Desktop\FPGA_Prototyping_by_VHDL_Examples__Xilinx_Spartan_3_Version.pdf
[2012.07.04 14:46:05 | 035,763,729 | ---- | C] () -- C:\Users\username\Desktop\RTL_Hardware_Design_Using_VHDL___Coding_for_Efficiency__Portability__and_Scalability.pdf
[2012.07.01 23:12:32 | 000,456,895 | ---- | C] () -- C:\Users\username\Desktop\findform.pdf
[2012.06.29 18:37:51 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.29 13:37:45 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.17 14:45:22 | 000,138,236 | ---- | C] () -- C:\Users\username\Desktop\gedicht.pdf
[2012.06.07 14:49:29 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.07 14:49:28 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.05 13:54:13 | 000,282,956 | ---- | C] () -- C:\Users\username\Desktop\MMTT.pdf
[2012.05.31 15:03:26 | 005,875,200 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2012.05.18 14:17:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.01.28 22:50:23 | 000,000,516 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e126cd52-b531-6220-4476-e3b42e487d04}\@
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{e126cd52-b531-6220-4476-e3b42e487d04}\@
[2012.01.10 17:54:03 | 000,000,245 | ---- | C] () -- C:\Users\username\openvpn-connect.json
[2012.01.09 22:00:48 | 004,346,880 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012.01.08 00:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012.01.08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2012.01.08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2012.01.08 00:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012.01.08 00:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012.01.08 00:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.12.06 16:46:30 | 000,001,252 | ---- | C] () -- C:\Users\username\Downloads - Verknüpfung.lnk
[2011.11.30 23:49:10 | 000,001,235 | ---- | C] () -- C:\Users\username\.octave_hist
[2011.10.17 11:47:59 | 000,000,186 | ---- | C] () -- C:\Users\username\wlanfb02.opvn
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.07 04:45:46 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.07 04:45:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.03.07 04:45:44 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.07 04:13:22 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.03.07 04:11:08 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.03.07 04:07:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010.11.21 02:46:14 | 000,762,182 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,172,536 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
 
========== LOP Check ==========
 
[2011.09.19 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\.purple
[2012.01.28 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Buhl Data Service
[2011.11.06 23:22:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Bytemobile
[2012.07.17 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\elsterformular
[2011.10.17 10:50:41 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gateProtect
[2012.07.11 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gnupg
[2012.07.11 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gtk-2.0
[2011.09.18 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\hte
[2011.10.11 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\OpenOffice.org
[2012.07.14 10:55:49 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\QuickScan
[2012.02.18 23:10:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Subversion
[2011.09.26 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird
[2011.11.06 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Vodafone
[2011.11.17 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Vodafone Mobile Connect
[2012.01.11 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Xilinx
[2011.10.28 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\xm1
[2012.06.18 09:44:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.06.09 01:06:08 | 950,323,214 | ---- | M] ()(C:\Users\username\Documents\-----------------.mp4) -- C:\Users\username\Documents\---.mp4
[2012.06.09 00:54:08 | 950,323,214 | ---- | C] ()(C:\Users\username\Documents\-------------.mp4) -- C:\Users\username\Documents\---.mp4

< End of report >
         
--- --- ---


Last edited by lilaitz (17.07.2012 at 14:13)

17.07.2012, 17:28   #3
markusg
/// Malware-holic

Hi,
if you do online banking, call your bank and have it blocked because of the ZeroAccess rootkit.
At the end you will also have to change all passwords.
Since this rootkit is dangerous:
the PC has to be set up from scratch and then hardened.
1. Data rescue:
2. Format, reinstall Windows:
3. Harden the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After hardening the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

17.07.2012, 17:55   #4
lilaitz

Hello,

thank you very much for the information so far.
How did you recognize that this is a ZeroAccess rootkit?
I will follow your advice now.

Regards
lilaitz

19.07.2012, 06:44   #5
lilaitz

Hello,

is there any way to remove the pests without having to reinstall the system?

Since I have to use the computer every day, I need a quick solution to the problem.

Please help me!

I would be very grateful for your time.

Regards
lilaitz


19.07.2012, 15:47   #6
markusg
/// Malware-holic

Please reinstall the system. Is the data backed up?
You can tell from the detection messages.
As for the quick help: everyone here wants that. Please read the rules; a reply can take 3 days.
Anyone who does not like that should visit a shop nearby and pay them for the work.
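The two `{GUID}\@` entries in the "Files Created - No Company Name" section of the OTL log above (one under C:\Windows\Installer, one under the user's AppData\Local, both 2,048 bytes, both hidden+system, both created 2012.01.11) are the on-disk layout ZeroAccess/Sirefef used in 2012, and together with the "Patched" verdict on services.exe they are what the replies above are pointing at. The script below is an editor's added example, not code from OTL, Avira or either poster: it parses OTL file lines and flags entries of that shape. The line format is inferred from the log above, the ZeroAccess folder layout is taken from public analyses of that malware family rather than from this thread, and the sample input is the two suspicious lines copied from the log plus three benign lines from the same log used as negatives.

```python
"""Triage helper for the "Files Created / Modified" sections of an OTL log.

Editor's added example. Not part of OTL, Avira or the original posts.
"""
import re
from dataclasses import dataclass

# One OTL file line, as seen in the log above:
# [YYYY.MM.DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption from public 2012 analyses of ZeroAccess/Sirefef (not from this
# thread): the dropper creates a hidden+system folder named after a GUID
# under C:\Windows\Installer and %LOCALAPPDATA%, holding a file called "@".
# The GUID differs per infection, so match the shape rather than the value.
ZA_PARENTS = (r"\\windows\\installer\\", r"\\appdata\\local\\")
ZA_ENTRY = re.compile(
    r"(?P<parent>" + "|".join(ZA_PARENTS) + r")"
    r"\{(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}\\@$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    path: str
    guid: str
    attrs: str
    created: str
    reason: str


def parse_otl_file_lines(text):
    """Yield a dict of fields for every line that looks like an OTL file entry."""
    for line in text.splitlines():
        m = OTL_FILE_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(text):
    """Return the ZeroAccess-shaped entries found in an OTL log excerpt."""
    findings = []
    for entry in parse_otl_file_lines(text):
        m = ZA_ENTRY.search(entry["path"])
        if not m:
            continue
        attrs = entry["attrs"].upper()
        reason = "GUID folder with '@' file in a ZeroAccess drop location"
        if "H" in attrs and "S" in attrs:
            reason += ", hidden+system attributes"
        findings.append(Finding(entry["path"], m.group("guid").lower(),
                                entry["attrs"], entry["ts"], reason))
    return findings


def paired_guids(findings):
    """GUIDs seen in BOTH drop locations: the strongest single signal here."""
    seen = {}
    for f in findings:
        location = "installer" if "installer" in f.path.lower() else "appdata"
        seen.setdefault(f.guid, set()).add(location)
    return sorted(g for g, locs in seen.items() if len(locs) == 2)


# Constructed sample: the two suspicious lines copied from the log above,
# plus three benign lines from the same log as negatives.
SAMPLE = r"""
[2012.05.31 15:03:26 | 005,875,200 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2012.07.16 23:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 09:33:48 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e126cd52-b531-6220-4476-e3b42e487d04}\@
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{e126cd52-b531-6220-4476-e3b42e487d04}\@
"""

if __name__ == "__main__":
    hits = triage(SAMPLE)
    for h in hits:
        print(f"{h.created}  {h.attrs}  {h.path}\n    -> {h.reason}")
    print("GUIDs present in both locations:", paired_guids(hits))
```

Feeding the full OTL log instead of the sample gives the same two hits. The same GUID appearing under both C:\Windows\Installer and AppData\Local is the strongest single signal; a lone hidden GUID folder under AppData\Local would still deserve a look but is weaker. The creation timestamps also put the infection about six months before the scan. These are only the userland artefacts of a rootkit: finding them supports the reinstall advice given above, it does not replace it.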
