
Pests of all kinds and how to fight them: "ATRAPS.gen" and "ATRAPS.gen2" trojan detection


02.08.2012, 10:49   #1
TimTobi
 

"ATRAPS.gen" and "ATRAPS.gen2" trojan detection



Hello everyone, I hope you can help me. Since this morning a virus detection from Avira has suddenly been popping up, reporting the two trojans ATRAPS.gen and ATRAPS.gen2.

As in all the other threads, I went ahead and ran the checks right away, i.e. OTL and Malwarebytes.

OTL.txt

Code:
OTL logfile created on: 02.08.2012 11:31:49 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free
5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\GbPlugin\gbpsv.exe ( )
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M]
 
[2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions
[2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.01.16 02:03:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\PermissionResearch
[2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.07.18 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\PunkBuster
[2012.07.18 23:28:19 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\Battlefield Heroes
[2012.07.18 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2012.07.12 09:38:41 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 09:35:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 09:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 09:35:10 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 09:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 09:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 09:35:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 09:35:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 19:08:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 20:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.10 20:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.02 10:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 10:49:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 10:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 10:48:57 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 10:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 23:48:36 | 000,139,080 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 23:48:27 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.18 22:53:04 | 000,138,056 | ---- | M] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:54 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.13 14:35:31 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.13 14:35:30 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.13 14:35:30 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.13 14:35:30 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 09:57:28 | 000,324,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 23:48:27 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.18 22:52:49 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.07 22:49:28 | 000,093,671 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\Uninstal.exe
[2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.11 10:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,324,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini
 
========== LOP Check ==========
 
[2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft
[2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite
[2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware
[2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org
[2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech
[2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient
[2012.05.04 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software
[2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent
[2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib
[2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames
[2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job
[2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.02 10:47:58 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 02.08.2012 11:31:49 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free
5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8B0B26-FFE6-4ECF-8298-FAA609342576}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1512EB15-60C0-49B2-9E99-C5E1AA49E3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F7D19CF-8C14-40C7-A8B5-10C7C64A6177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31D7BAA4-BA38-4658-939E-7E44CA66549C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34D94C5E-6CF4-4FF0-8D74-34F4872A4F24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4D8FAA36-EAEF-407B-ABF5-9DBB172149A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4ED82306-77B9-4275-95C5-F78AAE64573E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55CE7E2A-6A0B-419C-9AE4-49ECE309E4C1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{5809861F-42A1-4D62-B03B-5C1CA7879407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B359E3A-DC14-4C0F-AE4A-3ED21DC60012}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{66F66EC7-6B56-40A6-ABD2-1927E8AB473F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88DB133D-8FD7-49DD-9F0A-8CDE93EB9369}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{B384ACE6-62BC-4111-BDA0-8662B42B4C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C2DE4EAC-1C83-4399-A973-5D4E81CD1155}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D10EC664-C2B0-4AEF-913E-772EADC2E965}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D961EDCC-C6FB-41E4-AEAF-D1F7B3F36986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{E3FBDF1D-4938-4589-AA6F-3A9CB0A68757}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E44B06BF-5D13-4C1F-8818-73ED4E7CE463}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F89769C0-96AA-4DF0-81D1-DE4010D76881}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F95014A7-6422-4E14-965E-9600C352B3C7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FAB0312A-4B8E-40C9-9192-5F354BF378C4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FB091B93-6B0A-4E9E-A130-DB813553F089}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECDE24D-FC5B-4127-A1BB-D5D97E0F6588}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{161AAFC7-5028-49B7-BFE8-42B29BD054FF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{274A62D6-5858-4AA3-8E66-6C5D14DFC351}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{28C22EFD-DF7C-4CE4-884B-0ED50BD85229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29924917-17A2-4086-A372-BD4D22FA3FB0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2A81C4F9-D67A-4F0A-8B80-BC674EC92AEA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2C9A92BB-EAE3-44CA-AB31-CA9AF3087FDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3DBEEFB1-6993-499A-A374-C5D031758E19}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{4D856B98-6146-43A3-8702-F423D0F61367}" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"{4F5AFC8E-44FF-48ED-93AF-CB9D505C60F0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5011F880-A715-4C74-9062-B6F04E22E2E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{55DFB885-A669-4B23-85D5-E39A2C1B72B9}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{5A0D3E12-75DA-4732-9E75-033F069D7AAC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5A443BAE-2A02-46C5-9B42-3416730F594B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BF0AC86-618E-48E8-BA7D-4E3347A10C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C0EBF5F-5327-41EC-ABB1-CDC7B988FC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FA39179-E25C-419C-8D61-FC4A7DF37E09}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{635C9861-3C11-4497-94AB-7B3D61FC1CB7}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{72988D27-8115-4873-9367-57CD44038BB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A3EEFA8-8744-4656-9A2E-F145A2315124}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EDCF0C9-BE3E-4BDA-B01A-B47004D6A801}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{8146D948-5BAD-44A8-8F89-5D921176F3AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8295C084-2610-43BF-AFFD-BE99FBE775A0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8D2F7495-D886-4022-AD74-09AA63CCEDB5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8E01978C-70C5-4EA5-AF9B-EF5A6A17A573}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{94AA5E7B-33AF-44DA-8212-DBF26B972D90}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CDE3B11-F727-4C18-9302-9B59826E3936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3917432-99FA-4B0E-92BC-7B8F71451FE9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B6D80CBE-4FFC-468D-AFFB-43858CB40273}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B9365176-101D-40CE-99AA-C141EB26851E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BC0626C6-ADF7-4033-9716-38D818A32071}" = protocol=6 | dir=out | app=system | 
"{BD485E64-E3A2-4EB6-8257-938669840A80}" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"{C156407D-1115-4D9A-A3F6-0EB939B27F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C7B72D04-0138-4F32-BF9B-F20C7FBCAD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF964DCC-3BFA-444B-91E8-22F1EAE29226}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{D58B76A8-EFE8-4C00-A59C-9D86A21C3B7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D69339DB-3F77-427C-9D96-43B00C439955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D94EADB9-06ED-4F93-9F35-908C142D2828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB0584F7-C39E-4C86-AD42-E42EBD26D245}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DBAA6259-CF4D-4E86-BFFC-A6119E16795D}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{E28C2411-862D-4615-88F7-CEA15B3F78CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E39504C4-BE72-42C1-82D5-D3673723069A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0A94F50F-8626-47EF-B382-89BF7995ECDD}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | 
"TCP Query User{0EF0ACD2-5DC4-4C48-96DD-3BB776C4C89F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{3774265D-BC09-417E-9BAA-972C741048D8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{467DE04B-BD31-44EA-B53C-A1A9B9BF4E76}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{46BEB7B7-5F79-4691-98AF-03927CBEAA56}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe | 
"TCP Query User{47BCE3A5-72D2-4509-85F0-E6E5E1EA5B6F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{50DA31AC-065B-462A-B086-EFF8CC7BAB2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{60DD221A-4AB9-47EA-A2FC-40D491336DB2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{6C734ABE-0C82-405A-965D-16E1EE156A92}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{76C0570D-ADF4-4729-BAE3-3DC7C1ECF522}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{871A49B7-FAA2-45B9-8350-1937DFC80748}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{8D3A0D2C-9D55-49B7-904E-160FC09801E0}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{966415D1-E67D-49CE-9FF9-096AEDF1D4B9}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | 
"TCP Query User{9BAC6973-1E4E-4F34-A838-0F0368AFA828}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe | 
"TCP Query User{9E53D579-4135-4F1E-A446-A515E6979189}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe | 
"TCP Query User{A6BEB1A9-F5D0-4912-8C91-0C0B2350838A}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"TCP Query User{C275CBF3-3FAA-40F5-A5B7-2482859908F3}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | 
"TCP Query User{E187C766-12E1-4648-B790-419B7715204E}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | 
"TCP Query User{EF1E3FEA-F7DA-4E4E-96BE-96064B184907}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{F891D6AA-6C19-4C89-BB4C-A2E2F5CC4FA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FCCA50B1-05FD-4525-A783-55863C30DC0D}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"UDP Query User{094577A3-94F8-418F-9838-D24E00679FB5}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe | 
"UDP Query User{1D60A1EA-A8E2-42F7-8461-B5F6240A8E3D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{28BABCA5-EC32-499B-9704-B390745551E7}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"UDP Query User{3678918A-76CE-4FE8-9764-7DCC84D92EA0}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | 
"UDP Query User{3682CD82-1806-4337-B253-4DE30352B0AA}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | 
"UDP Query User{4953406A-6C61-426B-ACB5-3CAC74284E09}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4A7D287B-F79F-4713-925C-7636F63E4F1B}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{4A900F4F-56E8-4C7F-9649-20F290F932F4}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{4BBC645A-5C68-4F87-BDA3-CFB95F4C8E9F}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | 
"UDP Query User{6896719B-28B5-4818-910C-31224730447A}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | 
"UDP Query User{78D224F1-8702-4044-AF40-8CDA759CAAD6}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe | 
"UDP Query User{9E21719A-0E5B-4722-9D31-0DBFE2420725}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A5CE583C-CCD0-4E9A-ACA9-4824083BE17C}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{BBE1723B-F277-4FE1-9737-9245C3EE3596}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{C72BAC74-9DB7-4AB1-A279-44876756F44A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DABD39E1-B7CD-406A-A7AC-EE408F466B10}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{DBBE56E1-A8EC-459F-ADA1-5C6792770E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DC2BEA43-F32C-4323-AF81-FE503FCA2A36}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | 
"UDP Query User{E8470E48-447E-4694-9F52-FEFF05E58A11}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{E88A7570-C7EB-4F14-9DE9-1E382CABFF3C}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe | 
"UDP Query User{F4B34126-5377-48D1-8B08-81A08684C37B}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C85B6A70-2ABB-4A31-8FD1-E183553A94F9}" = MoD ImperiaL v4.1
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DriverEasy_is1" = DriverEasy 3.11.0
"Eastern Front" = Eastern Front
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa 3" = Picasa 3
"PONS Softwarekurs für Anfänger Portugiesisch" = PONS Softwarekurs für Anfänger Portugiesisch
"PunkBusterSvc" = PunkBuster Services
"Reason5_is1" = Reason 5.0
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Gabi)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2011 01:19:50 | Computer Name = DERComputer | Source = System Restore | ID = 8193
Description = 
 
Error - 03.10.2011 01:23:42 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x1484, Anwendungsstartzeit
 01cc818c9c11149d.
 
Error - 03.10.2011 01:24:06 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x16cc, Anwendungsstartzeit
 01cc818caacfa5ad.
 
Error - 03.10.2011 01:24:12 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x750, Anwendungsstartzeit
 01cc818cae3a6efd.
 
Error - 03.10.2011 02:04:43 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.10.2011 09:48:50 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.10.2011 12:47:14 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.10.2011 13:20:39 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982,
 fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000fa77,  Prozess-ID 0x484, Anwendungsstartzeit 01cc82b54fabe0a2.
 
Error - 04.10.2011 13:32:18 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982,
 fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode
 0xc0000005, Fehleroffset 0x00016300,  Prozess-ID 0x1580, Anwendungsstartzeit 01cc82b9f6b96492.
 
Error - 05.10.2011 09:17:56 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 02.08.2012 05:44:35 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 02.08.2012 05:46:14 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:46:29 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:46:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.7 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:49:42 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.8 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:49:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:50:00 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 02.08.2012 06:50:38 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 02.08.2012 06:51:43 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.08.2012 07:10:04 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         

Malwarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

02.08.2012 11:22:34
mbam-log-2012-08-02 (11-22-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167506
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)
         
For me these texts are a huge jumble; you probably see through them much better.
I hope it's nothing bad. Do you know what the ATRAPS Trojan actually does? I saw you have had this problem here in the forum quite often.

Thanks in advance and kind regards, Tim.

Alt 02.08.2012, 13:54   #2
Chris4You
 
Hi,

none of the usual files show up; is the malware still appearing?

Please check the following files (do you have banking software from the Bank of Brasil on the machine?):

Have the files checked online:
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:
ATTFilter
C:\Programme\GbPlugin\gbieh.dll
         
  • Now upload each file one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

OTL fix:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[emptytemp]
[resethosts]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click
the "Download EXE" button; a random name is generated for the file (please note it and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no" and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. Once it has finished, select Copy and paste the report. If GMER crashes, please try it in safe mode (F8 while booting)!

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan is finished, select "Report" (skip any findings for now with Skip). A window opens (click Report); copy the text and post it here...

Update MAM and run a full scan, post the log!

chris

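As an added example (not part of this thread and not GMER's own code), a small Python triage script for the kind of GMER log requested above: it parses the "User code sections" and "Processes" lines and separates inline hooks owned by a described module (gbieh.dll here) from a library that GMER marks as hidden, which is the entry worth a closer look. The sample lines are copied from the GMER log posted in this thread; the function and record names are my own.

```python
"""Triage of the 'User code sections' and 'Processes' lines in a GMER log.

Added example; it is not part of this thread and not GMER's own code. It
parses the inline-hook lines and the per-process library lines GMER prints so
that a reviewer can separate hooks owned by a described module (here the
Banco do Brasil plugin gbieh.dll) from a library GMER marks as hidden. The
sample lines below are copied from the GMER log posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# .text  <process>[<pid>] <dll>!<export>  <addr> <n> Bytes  JMP <target> <owner> (<desc>)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<function>\w+)\s+"
    r"(?P<address>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-F]{8})\s+(?P<owner>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
# Library <path> [(*** hidden *** )] @ <process> [<pid>]  <base>
LIB_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+(?P<hidden>\(\*\*\* hidden \*\*\* \)\s+)?"
    r"@\s+(?P<process>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)\s*$"
)


@dataclass
class Hook:
    process: str   # executable whose import was patched
    pid: int
    function: str  # "<dll>!<export>" that now starts with a JMP
    target: str    # address the JMP lands on
    owner: str     # module that owns that address
    desc: str      # GMER's "(Description/Company)" text, "" if absent


@dataclass
class LoadedLibrary:
    path: str
    process: str
    pid: int
    base: str
    hidden: bool   # GMER printed "(*** hidden *** )" for this mapping


def parse_gmer(text: str) -> Tuple[List[Hook], List[LoadedLibrary]]:
    """Collect hook and library records; kernel and file lines are skipped."""
    hooks: List[Hook] = []
    libs: List[LoadedLibrary] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]),
                              f"{m['module']}!{m['function']}",
                              m["target"], m["owner"], m["desc"] or ""))
            continue
        m = LIB_RE.match(line)
        if m:
            libs.append(LoadedLibrary(m["path"], m["process"], int(m["pid"]),
                                      m["base"], m["hidden"] is not None))
    return hooks, libs


def triage(text: str) -> List[str]:
    """One finding per record, hidden libraries first.

    A hook whose owner is the hooked process itself (firefox.exe patching its
    own LdrLoadDll) is only informational; a hook owned by another module is
    listed with GMER's description so the reviewer can check it against the
    file's signature (as the VirusTotal/sigcheck output does for gbieh.dll).
    """
    hooks, libs = parse_gmer(text)
    findings: List[str] = []
    for lib in libs:
        if lib.hidden:
            findings.append(f"HIDDEN module {lib.path} in "
                            f"{lib.process}[{lib.pid}] at {lib.base}")
    for h in hooks:
        if h.owner.lower() == h.process.lower():
            level = "INFO self-hook"
        elif h.desc:
            level = f"REVIEW hook by described module ({h.desc})"
        else:
            level = "REVIEW hook by undescribed module"
        findings.append(f"{level}: {h.process}[{h.pid}] {h.function} -> {h.owner}")
    return findings


# Constructed sample: the user-mode and process lines from the thread's GMER
# log, with the column padding shortened.
SAMPLE = r"""
---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary   773B3FA4 5 Bytes  JMP 3B09A607 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibraryAndExitThread   773B485E 5 Bytes  JMP 3B09A57F C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Program Files\Mozilla Firefox\firefox.exe[1200] ntdll.dll!LdrLoadDll   77479378 5 Bytes  JMP 013813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Processes - GMER 1.0.15 ----

Library  c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]   0x038D0000
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```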
Alt 03.08.2012, 17:35   #3
TimTobi
 
OK, now we have it. Thanks first of all for helping me; after all, that is not something to take for granted. ^^

OK, with Virustotal I wasn't sure exactly what you wanted copied, so here is EVERYTHING.

Virustotal

HTML Code:
SHA256: 	9b6eb848604850bddf331fbbe70240d5caa326c92eba8b5ac1ed8ffb76c56e0a
SHA1: 	a2266d6ea4791a784cd8f647c9d08dc5abab8237
MD5: 	f136508dd68d1973ba934164bc13e94a
File size: 	1.3 MB ( 1313864 bytes )
File name: 	gbieh.dll
File type: 	Win32 DLL
Detection ratio: 	0 / 41
Analysis date: 	2012-08-03 15:04:21 UTC ( 1 Minute ago )
Antivirus 	Result 	Update
AhnLab-V3 	- 	20120803
AntiVir 	- 	20120803
Antiy-AVL 	- 	20120803
Avast 	- 	20120803
AVG 	- 	20120803
BitDefender 	- 	20120803
ByteHero 	- 	20120723
CAT-QuickHeal 	- 	20120803
ClamAV 	- 	20120803
Commtouch 	- 	20120803
Comodo 	- 	20120803
DrWeb 	- 	20120803
Emsisoft 	- 	20120803
eSafe 	- 	20120802
ESET-NOD32 	- 	20120803
F-Prot 	- 	20120803
F-Secure 	- 	20120803
Fortinet 	- 	20120803
GData 	- 	20120803
Ikarus 	- 	20120803
Jiangmin 	- 	20120803
K7AntiVirus 	- 	20120802
Kaspersky 	- 	20120803
McAfee 	- 	20120803
McAfee-GW-Edition 	- 	20120802
Microsoft 	- 	20120803
Norman 	- 	20120803
nProtect 	- 	20120803
Panda 	- 	20120803
Rising 	- 	20120803
Sophos 	- 	20120803
SUPERAntiSpyware 	- 	20120803
Symantec 	- 	20120803
TheHacker 	- 	20120801
TotalDefense 	- 	20120802
TrendMicro 	- 	20120803
TrendMicro-HouseCall 	- 	20120803
VBA32 	- 	20120803
VIPRE 	- 	20120803
ViRobot 	- 	20120803
VirusBuster 	- 	20120803

NEW VARIANT OF SPY BANKER GB

controlled as of ELISTARA 25.74

www.satinfo.es
Posted 1 month, 1 week ago by SATINFO
ssdeep
24576:3KIJzr7Irr+oyhoHCAZWInmXYbyYquDchkOTr5tr2qqsglzAsKUMa7+19Z11mNw8:3KMH7Irr+CCAAImXgLquoH5d3qsgdKU9
TrID
Windows OCX File (90.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool

CodeSize.................: 1314304
SubsystemVersion.........: 5.0
Comments.................: 
InitializedDataSize......: 481280
ImageVersion.............: 0.0
ProductName..............: Banco do Brasil Gbieh
FileVersionNumber........: 3.14.11.8
UninitializedDataSize....: 0
LanguageCode.............: Portuguese (Brazilian)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 9.0
OriginalFilename.........: Gbieh.dll
PrivateBuild.............: Banco do Brasil
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 3,14,11,8
TimeStamp................: 2012:04:28 00:36:26+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: Gbieh
OLESelfRegister..........: yes
ProductVersion...........: 3,14,11,8
FileDescription..........: Gbieh Module
OSVersion................: 5.0
FileOS...................: Win32
LegalCopyright...........: Copyright    2003-2012, Banco do Brasil
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Banco do Brasil
LegalTrademarks..........: Banco do Brasil, Gbieh
FileSubtype..............: 0
ProductVersionNumber.....: 3.14.11.8
EntryPoint...............: 0x300bd7
ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: Banco do Brasil
product..................: Banco do Brasil Gbieh
internal name............: Gbieh
copyright................: Copyright (c) 2003-2012, Banco do Brasil
original name............: Gbieh.dll
signing date.............: 2:00 PM 5/9/2012
comments.................: 
file version.............: 3,14,11,8
signers..................: Banco do Brasil S.A.; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description..............: Gbieh Module

Portable Executable structural information

Compilation timedatestamp.....: 2012-04-27 22:36:26
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00300BD7

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096       1187984         0     0.00  d41d8cd98f00b204e9800998ecf8427e
CODE                1196032        125924         0     0.00  d41d8cd98f00b204e9800998ecf8427e
.rdata              1323008        301660         0     0.00  d41d8cd98f00b204e9800998ecf8427e
.data               1626112         81224         0     0.00  d41d8cd98f00b204e9800998ecf8427e
DATA                1708032          5232         0     0.00  d41d8cd98f00b204e9800998ecf8427e
BSS                 1716224          2421         0     0.00  d41d8cd98f00b204e9800998ecf8427e
.tls                1720320             2       512     0.00  bf619eac0cdf3f68d496ea9344137e8b
.vmp0               1724416        519480         0     0.00  d41d8cd98f00b204e9800998ecf8427e
.vmp1               2244608       1295147   1295360     7.95  18c2fb3971b81fb417cf1b87997b52fa
.reloc              3543040           244       512     2.78  5b5904154dd9af512bd40aa6a02af142
.rsrc               3547136         39850      8704     4.84  a777e70b9974f74d2797edd655077ca3

PE Imports....................:

[[ADVAPI32.dll]]
CryptGetHashParam

[[KERNEL32.dll]]
GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess

[[ole32.dll]]
CoCreateInstance

[[USER32.dll]]
GetCursorPos

[[OLEAUT32.dll]]


PE Exports....................:

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, SpecialFunction

First seen by VirusTotal
2012-05-16 08:03:41 UTC ( 2 months, 2 weeks ago )
Last seen by VirusTotal
2012-08-03 15:04:21 UTC ( 3 minutes ago )
File names (max. 25)

   1. gbieh.dll
   2. Gbieh.dll
   3. Gbieh(1).dll
   4. FBC2ACA048500C0C0CDB149807234A00A7FBCBAA.dll
   5. Gbieh
   6. file-3978820_dll
HTML Code:
All processes killed
========== OTL ==========
ADS C:\Windows\System32\drivers:GbpKmAp.lst deleted successfully.
ADS C:\Windows\System32:EF87F1B4_Bb.gbp deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Gabi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119014 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32227176 bytes
->Flash cache emptied: 120779 bytes
 
User: Juergen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TimTobias
->Temp folder emptied: 171775359 bytes
->Temporary Internet Files folder emptied: 63187195 bytes
->Java cache emptied: 535796 bytes
->FireFox cache emptied: 116403246 bytes
->Flash cache emptied: 144695 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1840228 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 368,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 08022012_175545

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Then here we have the GMER report.

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-03 18:16:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: vyww7tu9.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\uxtciaog.sys


---- System - GMER 1.0.15 ----

SSDT     8CF63DBE                                                                                      ZwCreateSection
SSDT     8CF63DC3                                                                                      ZwSetContextThread
SSDT     8CF63D5F                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 215                                                                 828AF8D8 4 Bytes  [BE, 3D, F6, 8C]
.text    ntkrnlpa.exe!KeSetEvent + 56D                                                                 828AFC30 4 Bytes  [C3, 3D, F6, 8C]
.text    ntkrnlpa.exe!KeSetEvent + 621                                                                 828AFCE4 4 Bytes  [5F, 3D, F6, 8C]
.text    C:\Windows\system32\drivers\ACEDRV07.sys                                                      section is writeable [0x91D6A000, 0x328BA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV07.sys                                                      entry point in ".pklstb" section [0x91DAE000]
.relo2   C:\Windows\system32\drivers\ACEDRV07.sys                                                      unknown last section [0x91DCA000, 0x8E, 0x42000040]
.text    C:\Windows\system32\drivers\ACEDRV09.sys                                                      section is writeable [0x81001000, 0x3326E, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV09.sys                                                      entry point in ".pklstb" section [0x81046000]
.relo2   C:\Windows\system32\drivers\ACEDRV09.sys                                                      unknown last section [0x81062000, 0x8E, 0x42000040]
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                        section is writeable [0xB0709300, 0x3ACC8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                        section is writeable [0xB074C300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary                                773B3FA4 5 Bytes  JMP 3B09A607 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibraryAndExitThread                   773B485E 5 Bytes  JMP 3B09A57F C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Program Files\Mozilla Firefox\firefox.exe[1200] ntdll.dll!LdrLoadDll                       77479378 5 Bytes  JMP 013813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Processes - GMER 1.0.15 ----

Library  c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]                      0x038D0000                                                                                                 

---- Files - GMER 1.0.15 ----

File     C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\F9D211E4d01  0 bytes
File     C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\4856EEC6d01  0 bytes
File     C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\B3318661d01  0 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---


And last but not least, the Kaspersky TDSSKiller report

HTML Code:
18:19:05.0199 0280	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:19:05.0384 0280	============================================================
18:19:05.0384 0280	Current date / time: 2012/08/03 18:19:05.0384
18:19:05.0384 0280	SystemInfo:
18:19:05.0384 0280	
18:19:05.0384 0280	OS Version: 6.0.6002 ServicePack: 2.0
18:19:05.0384 0280	Product type: Workstation
18:19:05.0384 0280	ComputerName: DERCOMPUTER
18:19:05.0384 0280	UserName: Gabi
18:19:05.0384 0280	Windows directory: C:\Windows
18:19:05.0384 0280	System windows directory: C:\Windows
18:19:05.0384 0280	Processor architecture: Intel x86
18:19:05.0384 0280	Number of processors: 2
18:19:05.0384 0280	Page size: 0x1000
18:19:05.0384 0280	Boot type: Normal boot
18:19:05.0384 0280	============================================================
18:19:07.0011 0280	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:07.0013 0280	============================================================
18:19:07.0013 0280	\Device\Harddisk0\DR0:
18:19:07.0013 0280	MBR partitions:
18:19:07.0013 0280	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1200800, BlocksNum 0x25FAD800
18:19:07.0013 0280	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x271AE000, BlocksNum 0x131D7800
18:19:07.0013 0280	============================================================
18:19:07.0086 0280	C: <-> \Device\Harddisk0\DR0\Partition0
18:19:07.0181 0280	D: <-> \Device\Harddisk0\DR0\Partition1
18:19:07.0181 0280	============================================================
18:19:07.0181 0280	Initialize success
18:19:07.0181 0280	============================================================
18:19:18.0623 3260	============================================================
18:19:18.0623 3260	Scan started
18:19:18.0623 3260	Mode: Manual; SigCheck; TDLFS; 
18:19:18.0623 3260	============================================================
18:19:19.0634 3260	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:19:19.0750 3260	!SASCORE - ok
18:19:19.0940 3260	ACEDRV07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\ACEDRV07.sys
18:19:19.0967 3260	ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
18:19:19.0967 3260	ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
18:19:20.0008 3260	ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
18:19:20.0027 3260	ACEDRV09 - ok
18:19:20.0091 3260	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:19:20.0111 3260	ACPI - ok
18:19:20.0227 3260	Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:19:20.0255 3260	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:19:20.0255 3260	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:19:20.0361 3260	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:20.0376 3260	AdobeFlashPlayerUpdateSvc - ok
18:19:20.0440 3260	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:19:20.0463 3260	adp94xx - ok
18:19:20.0513 3260	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:19:20.0530 3260	adpahci - ok
18:19:20.0553 3260	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:19:20.0567 3260	adpu160m - ok
18:19:20.0595 3260	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:19:20.0609 3260	adpu320 - ok
18:19:20.0643 3260	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:19:20.0740 3260	AeLookupSvc - ok
18:19:20.0808 3260	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:19:20.0866 3260	AFD - ok
18:19:20.0897 3260	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:19:20.0910 3260	agp440 - ok
18:19:20.0942 3260	ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
18:19:20.0955 3260	ahcix86s - ok
18:19:20.0974 3260	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:19:20.0986 3260	aic78xx - ok
18:19:21.0018 3260	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:19:21.0138 3260	ALG - ok
18:19:21.0159 3260	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:19:21.0172 3260	aliide - ok
18:19:21.0188 3260	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:19:21.0201 3260	amdagp - ok
18:19:21.0211 3260	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:19:21.0223 3260	amdide - ok
18:19:21.0246 3260	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:19:21.0302 3260	AmdK7 - ok
18:19:21.0325 3260	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:19:21.0370 3260	AmdK8 - ok
18:19:21.0488 3260	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:19:21.0499 3260	AntiVirSchedulerService - ok
18:19:21.0565 3260	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:19:21.0577 3260	AntiVirService - ok
18:19:21.0606 3260	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:19:21.0638 3260	Appinfo - ok
18:19:21.0679 3260	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:19:21.0692 3260	arc - ok
18:19:21.0710 3260	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:19:21.0723 3260	arcsas - ok
18:19:21.0880 3260	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:19:21.0892 3260	aspnet_state - ok
18:19:21.0915 3260	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:21.0973 3260	AsyncMac - ok
18:19:22.0009 3260	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:19:22.0022 3260	atapi - ok
18:19:22.0089 3260	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:19:22.0118 3260	atksgt ( UnsignedFile.Multi.Generic ) - warning
18:19:22.0118 3260	atksgt - detected UnsignedFile.Multi.Generic (1)
18:19:22.0213 3260	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:19:22.0256 3260	AudioEndpointBuilder - ok
18:19:22.0261 3260	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:19:22.0285 3260	Audiosrv - ok
18:19:22.0315 3260	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:22.0325 3260	avgntflt - ok
18:19:22.0380 3260	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:19:22.0392 3260	avipbb - ok
18:19:22.0421 3260	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:19:22.0468 3260	Beep - ok
18:19:22.0534 3260	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:19:22.0595 3260	BFE - ok
18:19:22.0739 3260	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:19:22.0808 3260	BITS - ok
18:19:23.0073 3260	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:19:23.0133 3260	blbdrive - ok
18:19:23.0181 3260	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:19:23.0231 3260	bowser - ok
18:19:23.0259 3260	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:19:23.0298 3260	BrFiltLo - ok
18:19:23.0326 3260	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:19:23.0367 3260	BrFiltUp - ok
18:19:23.0418 3260	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:19:23.0468 3260	Browser - ok
18:19:23.0497 3260	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:19:23.0676 3260	Brserid - ok
18:19:23.0700 3260	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:19:23.0760 3260	BrSerWdm - ok
18:19:23.0789 3260	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:19:23.0868 3260	BrUsbMdm - ok
18:19:23.0873 3260	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:19:23.0920 3260	BrUsbSer - ok
18:19:23.0951 3260	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:19:24.0027 3260	BTHMODEM - ok
18:19:24.0060 3260	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:24.0143 3260	cdfs - ok
18:19:24.0185 3260	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:19:24.0226 3260	cdrom - ok
18:19:24.0243 3260	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:19:24.0283 3260	CertPropSvc - ok
18:19:24.0315 3260	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:19:24.0361 3260	circlass - ok
18:19:24.0402 3260	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:19:24.0418 3260	CLFS - ok
18:19:24.0500 3260	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:24.0512 3260	clr_optimization_v2.0.50727_32 - ok
18:19:24.0604 3260	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:24.0617 3260	clr_optimization_v4.0.30319_32 - ok
18:19:24.0633 3260	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:24.0680 3260	CmBatt - ok
18:19:24.0706 3260	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:19:24.0718 3260	cmdide - ok
18:19:24.0732 3260	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:19:24.0744 3260	Compbatt - ok
18:19:24.0749 3260	COMSysApp - ok
18:19:24.0765 3260	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:19:24.0778 3260	crcdisk - ok
18:19:24.0796 3260	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:19:24.0844 3260	Crusoe - ok
18:19:24.0906 3260	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:19:24.0966 3260	CryptSvc - ok
18:19:25.0058 3260	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:19:25.0127 3260	DcomLaunch - ok
18:19:25.0212 3260	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:19:25.0272 3260	DfsC - ok
18:19:25.0506 3260	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:19:25.0692 3260	DFSR - ok
18:19:25.0814 3260	dgderdrv - ok
18:19:25.0893 3260	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:19:25.0942 3260	Dhcp - ok
18:19:26.0012 3260	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:19:26.0025 3260	disk - ok
18:19:26.0074 3260	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:19:26.0127 3260	Dnscache - ok
18:19:26.0181 3260	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:19:26.0280 3260	dot3svc - ok
18:19:26.0330 3260	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:19:26.0375 3260	DPS - ok
18:19:26.0399 3260	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:19:26.0453 3260	drmkaud - ok
18:19:26.0505 3260	dtsoftbus01     (b672b993207dd5e2f73fcda8c0427b0f) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:19:26.0517 3260	dtsoftbus01 - ok
18:19:26.0616 3260	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:26.0643 3260	DXGKrnl - ok
18:19:26.0670 3260	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:19:26.0713 3260	E1G60 - ok
18:19:26.0752 3260	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:19:26.0797 3260	EapHost - ok
18:19:26.0855 3260	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:19:26.0869 3260	Ecache - ok
18:19:26.0940 3260	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:19:26.0957 3260	ehRecvr - ok
18:19:26.0979 3260	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:19:27.0008 3260	ehSched - ok
18:19:27.0028 3260	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:19:27.0065 3260	ehstart - ok
18:19:27.0148 3260	eLoggerSvc6     (2a2f1fa78751c9932098529ee1edeb1a) C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
18:19:27.0158 3260	eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - warning
18:19:27.0158 3260	eLoggerSvc6 - detected UnsignedFile.Multi.Generic (1)
18:19:27.0216 3260	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:19:27.0236 3260	elxstor - ok
18:19:27.0369 3260	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:19:27.0446 3260	EMDMgmt - ok
18:19:27.0461 3260	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:19:27.0506 3260	ErrDev - ok
18:19:27.0597 3260	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:19:27.0641 3260	EventSystem - ok
18:19:27.0672 3260	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:19:27.0711 3260	exfat - ok
18:19:27.0764 3260	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:19:27.0803 3260	fastfat - ok
18:19:27.0843 3260	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:19:27.0895 3260	fdc - ok
18:19:27.0918 3260	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:19:27.0944 3260	fdPHost - ok
18:19:27.0952 3260	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:19:27.0995 3260	FDResPub - ok
18:19:28.0016 3260	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:19:28.0029 3260	FileInfo - ok
18:19:28.0052 3260	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:19:28.0093 3260	Filetrace - ok
18:19:28.0162 3260	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:28.0224 3260	flpydisk - ok
18:19:28.0336 3260	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:19:28.0351 3260	FltMgr - ok
18:19:28.0469 3260	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:19:28.0519 3260	FontCache - ok
18:19:28.0617 3260	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:19:28.0629 3260	FontCache3.0.0.0 - ok
18:19:28.0717 3260	FSCLBaseUpdaterService (6a4125edbe6d5907d4b1e4514f1f5675) C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
18:19:28.0740 3260	FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - warning
18:19:28.0740 3260	FSCLBaseUpdaterService - detected UnsignedFile.Multi.Generic (1)
18:19:28.0783 3260	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
18:19:28.0804 3260	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:19:28.0804 3260	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:19:28.0847 3260	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:28.0892 3260	Fs_Rec - ok
18:19:28.0935 3260	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:19:28.0947 3260	gagp30kx - ok
18:19:29.0007 3260	GbpKm           (738a994af1a7cbd40327986fa3254450) C:\Windows\system32\drivers\gbpkm.sys
18:19:29.0018 3260	GbpKm - ok
18:19:29.0078 3260	GbpSv           (831dcb0d2e1e1e7a7e1d9a22f2cde330) C:\PROGRA~1\GbPlugin\GbpSv.exe
18:19:29.0090 3260	GbpSv - ok
18:19:29.0187 3260	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:19:29.0248 3260	gpsvc - ok
18:19:29.0329 3260	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:19:29.0341 3260	gupdate - ok
18:19:29.0345 3260	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:19:29.0358 3260	gupdatem - ok
18:19:29.0403 3260	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:19:29.0417 3260	gusvc - ok
18:19:29.0455 3260	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:19:29.0465 3260	hamachi - ok
18:19:29.0670 3260	Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:19:29.0757 3260	Hamachi2Svc - ok
18:19:29.0941 3260	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:19:30.0002 3260	HdAudAddService - ok
18:19:30.0081 3260	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:30.0173 3260	HDAudBus - ok
18:19:30.0202 3260	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:19:30.0265 3260	HidBth - ok
18:19:30.0293 3260	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:19:30.0356 3260	HidIr - ok
18:19:30.0441 3260	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:19:30.0471 3260	hidserv - ok
18:19:30.0505 3260	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:19:30.0548 3260	HidUsb - ok
18:19:30.0590 3260	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:19:30.0634 3260	hkmsvc - ok
18:19:30.0679 3260	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:19:30.0693 3260	HpCISSs - ok
18:19:30.0763 3260	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:19:30.0834 3260	HTTP - ok
18:19:30.0849 3260	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:19:30.0862 3260	i2omp - ok
18:19:30.0875 3260	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:30.0920 3260	i8042prt - ok
18:19:30.0977 3260	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
18:19:30.0991 3260	iaStor - ok
18:19:31.0023 3260	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:19:31.0039 3260	iaStorV - ok
18:19:31.0175 3260	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:19:31.0180 3260	IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:19:31.0180 3260	IDriverT - detected UnsignedFile.Multi.Generic (1)
18:19:31.0351 3260	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:19:31.0441 3260	idsvc - ok
18:19:31.0728 3260	igfx            (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:19:31.0813 3260	igfx - ok
18:19:31.0950 3260	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:19:31.0962 3260	iirsp - ok
18:19:32.0044 3260	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:19:32.0107 3260	IKEEXT - ok
18:19:32.0352 3260	IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
18:19:32.0437 3260	IntcAzAudAddService - ok
18:19:32.0602 3260	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:19:32.0615 3260	intelide - ok
18:19:32.0628 3260	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:32.0669 3260	intelppm - ok
18:19:32.0711 3260	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:19:32.0757 3260	IPBusEnum - ok
18:19:32.0781 3260	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:32.0828 3260	IpFilterDriver - ok
18:19:32.0889 3260	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:19:32.0940 3260	iphlpsvc - ok
18:19:32.0944 3260	IpInIp - ok
18:19:32.0968 3260	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:19:33.0017 3260	IPMIDRV - ok
18:19:33.0047 3260	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:19:33.0072 3260	IPNAT - ok
18:19:33.0089 3260	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:19:33.0115 3260	IRENUM - ok
18:19:33.0137 3260	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:19:33.0149 3260	isapnp - ok
18:19:33.0219 3260	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:19:33.0235 3260	iScsiPrt - ok
18:19:33.0250 3260	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:19:33.0262 3260	iteatapi - ok
18:19:33.0272 3260	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:19:33.0284 3260	iteraid - ok
18:19:33.0322 3260	JRAID           (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
18:19:33.0438 3260	JRAID - ok
18:19:33.0466 3260	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:33.0480 3260	kbdclass - ok
18:19:33.0493 3260	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:19:33.0536 3260	kbdhid - ok
18:19:33.0590 3260	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:33.0635 3260	KeyIso - ok
18:19:33.0717 3260	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:19:33.0738 3260	KSecDD - ok
18:19:33.0803 3260	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:19:33.0871 3260	KtmRm - ok
18:19:33.0918 3260	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:19:33.0960 3260	LanmanServer - ok
18:19:34.0018 3260	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:19:34.0057 3260	LanmanWorkstation - ok
18:19:34.0098 3260	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:19:34.0124 3260	lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:19:34.0124 3260	lirsgt - detected UnsignedFile.Multi.Generic (1)
18:19:34.0163 3260	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:34.0206 3260	lltdio - ok
18:19:34.0261 3260	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:19:34.0307 3260	lltdsvc - ok
18:19:34.0337 3260	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:19:34.0380 3260	lmhosts - ok
18:19:34.0414 3260	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:19:34.0427 3260	LSI_FC - ok
18:19:34.0450 3260	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:19:34.0465 3260	LSI_SAS - ok
18:19:34.0482 3260	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:19:34.0496 3260	LSI_SCSI - ok
18:19:34.0512 3260	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:19:34.0555 3260	luafv - ok
18:19:34.0587 3260	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:19:34.0625 3260	Mcx2Svc - ok
18:19:34.0646 3260	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:19:34.0661 3260	megasas - ok
18:19:34.0712 3260	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:19:34.0734 3260	MegaSR - ok
18:19:34.0770 3260	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:19:34.0817 3260	MMCSS - ok
18:19:34.0849 3260	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:19:34.0895 3260	Modem - ok
18:19:34.0925 3260	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:19:34.0950 3260	monitor - ok
18:19:34.0969 3260	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:19:34.0982 3260	mouclass - ok
18:19:34.0996 3260	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:35.0046 3260	mouhid - ok
18:19:35.0071 3260	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:19:35.0084 3260	MountMgr - ok
18:19:35.0112 3260	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:19:35.0125 3260	mpio - ok
18:19:35.0150 3260	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:19:35.0195 3260	mpsdrv - ok
18:19:35.0271 3260	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:19:35.0336 3260	MpsSvc - ok
18:19:35.0368 3260	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:19:35.0379 3260	Mraid35x - ok
18:19:35.0415 3260	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:19:35.0442 3260	MRxDAV - ok
18:19:35.0485 3260	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:35.0550 3260	mrxsmb - ok
18:19:35.0606 3260	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:35.0646 3260	mrxsmb10 - ok
18:19:35.0678 3260	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:35.0724 3260	mrxsmb20 - ok
18:19:35.0765 3260	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:19:35.0779 3260	msahci - ok
18:19:35.0822 3260	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:19:35.0835 3260	msdsm - ok
18:19:35.0873 3260	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:19:35.0923 3260	MSDTC - ok
18:19:35.0937 3260	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:19:35.0969 3260	Msfs - ok
18:19:36.0000 3260	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:19:36.0011 3260	msisadrv - ok
18:19:36.0048 3260	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:19:36.0102 3260	MSiSCSI - ok
18:19:36.0106 3260	msiserver - ok
18:19:36.0126 3260	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:19:36.0173 3260	MSKSSRV - ok
18:19:36.0178 3260	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:36.0215 3260	MSPCLOCK - ok
18:19:36.0220 3260	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:19:36.0246 3260	MSPQM - ok
18:19:36.0297 3260	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:19:36.0333 3260	MsRPC - ok
18:19:36.0358 3260	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:36.0370 3260	mssmbios - ok
18:19:36.0375 3260	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:19:36.0403 3260	MSTEE - ok
18:19:36.0420 3260	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:19:36.0435 3260	Mup - ok
18:19:36.0506 3260	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:19:36.0554 3260	napagent - ok
18:19:36.0603 3260	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:19:36.0618 3260	NativeWifiP - ok
18:19:36.0715 3260	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:19:36.0737 3260	NDIS - ok
18:19:36.0771 3260	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:36.0808 3260	NdisTapi - ok
18:19:36.0830 3260	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:36.0856 3260	Ndisuio - ok
18:19:36.0877 3260	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:36.0915 3260	NdisWan - ok
18:19:36.0939 3260	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:19:36.0959 3260	NDProxy - ok
18:19:37.0140 3260	Nero BackItUp Scheduler 3 (b044bb341e164da6750a9b8e6a5ff6a1) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:19:37.0192 3260	Nero BackItUp Scheduler 3 - ok
18:19:37.0213 3260	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:19:37.0253 3260	NetBIOS - ok
18:19:37.0307 3260	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:19:37.0347 3260	netbt - ok
18:19:37.0412 3260	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:37.0427 3260	Netlogon - ok
18:19:37.0493 3260	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:19:37.0539 3260	Netman - ok
18:19:37.0653 3260	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0666 3260	NetMsmqActivator - ok
18:19:37.0670 3260	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0687 3260	NetPipeActivator - ok
18:19:37.0740 3260	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:19:37.0783 3260	netprofm - ok
18:19:37.0787 3260	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0800 3260	NetTcpActivator - ok
18:19:37.0807 3260	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0820 3260	NetTcpPortSharing - ok
18:19:37.0857 3260	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:19:37.0869 3260	nfrd960 - ok
18:19:37.0894 3260	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:19:37.0928 3260	NlaSvc - ok
18:19:38.0065 3260	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:19:38.0087 3260	NMIndexingService - ok
18:19:38.0167 3260	Norman ZANDA    (d59585f50e86160408db33ba3096d405) C:\Program Files\Norman\Npm\Bin\Zanda.exe
18:19:38.0207 3260	Norman ZANDA ( UnsignedFile.Multi.Generic ) - warning
18:19:38.0208 3260	Norman ZANDA - detected UnsignedFile.Multi.Generic (1)
18:19:38.0242 3260	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:19:38.0281 3260	Npfs - ok
18:19:38.0429 3260	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:19:38.0479 3260	nsi - ok
18:19:38.0547 3260	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:19:38.0591 3260	nsiproxy - ok
18:19:38.0738 3260	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:19:38.0802 3260	Ntfs - ok
18:19:38.0822 3260	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:19:38.0865 3260	ntrigdigi - ok
18:19:38.0875 3260	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:19:38.0925 3260	Null - ok
18:19:39.0011 3260	NVOY            (1e60fbb015999c1929e46847a3448e24) C:\Program Files\Norman\npm\bin\nvoy.exe
18:19:39.0019 3260	NVOY ( UnsignedFile.Multi.Generic ) - warning
18:19:39.0019 3260	NVOY - detected UnsignedFile.Multi.Generic (1)
18:19:39.0056 3260	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:19:39.0070 3260	nvraid - ok
18:19:39.0090 3260	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:19:39.0102 3260	nvstor - ok
18:19:39.0125 3260	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:19:39.0139 3260	nv_agp - ok
18:19:39.0143 3260	NwlnkFlt - ok
18:19:39.0153 3260	NwlnkFwd - ok
18:19:39.0256 3260	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:39.0277 3260	odserv - ok
18:19:39.0317 3260	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:19:39.0358 3260	ohci1394 - ok
18:19:39.0418 3260	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:39.0442 3260	ose - ok
18:19:39.0547 3260	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:39.0608 3260	p2pimsvc - ok
18:19:39.0618 3260	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:39.0665 3260	p2psvc - ok
18:19:39.0710 3260	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:19:39.0752 3260	Parport - ok
18:19:39.0814 3260	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:19:39.0827 3260	partmgr - ok
18:19:39.0851 3260	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:19:39.0912 3260	Parvdm - ok
18:19:39.0955 3260	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:19:39.0995 3260	PcaSvc - ok
18:19:40.0000 3260	pccsmcfd - ok
18:19:40.0061 3260	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:19:40.0076 3260	pci - ok
18:19:40.0085 3260	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:19:40.0098 3260	pciide - ok
18:19:40.0122 3260	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:19:40.0136 3260	pcmcia - ok
18:19:40.0251 3260	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:19:40.0339 3260	PEAUTH - ok
18:19:40.0520 3260	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:19:40.0627 3260	pla - ok
18:19:40.0771 3260	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
18:19:40.0792 3260	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:19:40.0792 3260	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:19:40.0846 3260	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:19:40.0894 3260	PlugPlay - ok
18:19:40.0973 3260	PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
18:19:40.0985 3260	PnkBstrA - ok
18:19:41.0102 3260	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:41.0127 3260	PNRPAutoReg - ok
18:19:41.0136 3260	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:41.0162 3260	PNRPsvc - ok
18:19:41.0237 3260	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:19:41.0294 3260	PolicyAgent - ok
18:19:41.0373 3260	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:41.0418 3260	PptpMiniport - ok
18:19:41.0447 3260	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:19:41.0494 3260	Processor - ok
18:19:41.0544 3260	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:19:41.0567 3260	ProfSvc - ok
18:19:41.0612 3260	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:41.0626 3260	ProtectedStorage - ok
18:19:41.0673 3260	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:19:41.0694 3260	PSched - ok
18:19:41.0725 3260	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:19:41.0735 3260	PxHelp20 - ok
18:19:41.0858 3260	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:19:41.0943 3260	ql2300 - ok
18:19:41.0976 3260	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:19:41.0990 3260	ql40xx - ok
18:19:42.0039 3260	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:19:42.0077 3260	QWAVE - ok
18:19:42.0116 3260	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:19:42.0130 3260	QWAVEdrv - ok
18:19:42.0148 3260	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:42.0198 3260	RasAcd - ok
18:19:42.0237 3260	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:19:42.0284 3260	RasAuto - ok
18:19:42.0316 3260	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:42.0356 3260	Rasl2tp - ok
18:19:42.0415 3260	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:19:42.0459 3260	RasMan - ok
18:19:42.0492 3260	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:42.0528 3260	RasPppoe - ok
18:19:42.0559 3260	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:42.0575 3260	RasSstp - ok
18:19:42.0641 3260	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:42.0684 3260	rdbss - ok
18:19:42.0720 3260	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:42.0761 3260	RDPCDD - ok
18:19:42.0807 3260	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:19:42.0834 3260	rdpdr - ok
18:19:42.0840 3260	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:19:42.0866 3260	RDPENCDD - ok
18:19:42.0915 3260	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:19:42.0950 3260	RDPWD - ok
18:19:42.0993 3260	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:19:43.0019 3260	RemoteAccess - ok
18:19:43.0068 3260	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:19:43.0090 3260	RemoteRegistry - ok
18:19:43.0114 3260	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:19:43.0149 3260	RpcLocator - ok
18:19:43.0235 3260	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:19:43.0264 3260	RpcSs - ok
18:19:43.0307 3260	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:43.0355 3260	rspndr - ok
18:19:43.0406 3260	RTL8169         (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:19:43.0483 3260	RTL8169 - ok
18:19:43.0530 3260	RTL8187B        (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:19:43.0573 3260	RTL8187B - ok
18:19:43.0709 3260	RTSTOR          (5717e47c952382e7166448517f030787) C:\Windows\system32\drivers\RTSTOR.SYS
18:19:43.0785 3260	RTSTOR - ok
18:19:43.0823 3260	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:43.0837 3260	SamSs - ok
18:19:43.0914 3260	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:19:43.0924 3260	SASDIFSV - ok
18:19:43.0947 3260	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:19:43.0958 3260	SASKUTIL - ok
18:19:43.0982 3260	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:19:43.0994 3260	sbp2port - ok
18:19:44.0055 3260	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:19:44.0077 3260	SCardSvr - ok
18:19:44.0170 3260	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:19:44.0238 3260	Schedule - ok
18:19:44.0285 3260	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:19:44.0305 3260	SCPolicySvc - ok
18:19:44.0336 3260	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:19:44.0376 3260	SDRSVC - ok
18:19:44.0414 3260	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:19:44.0482 3260	secdrv - ok
18:19:44.0537 3260	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:19:44.0565 3260	seclogon - ok
18:19:44.0584 3260	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:19:44.0629 3260	SENS - ok
18:19:44.0659 3260	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:19:44.0701 3260	Serenum - ok
18:19:44.0724 3260	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:19:44.0782 3260	Serial - ok
18:19:44.0811 3260	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:19:44.0836 3260	sermouse - ok
18:19:44.0865 3260	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:19:44.0893 3260	SessionEnv - ok
18:19:44.0911 3260	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:19:44.0931 3260	sffdisk - ok
18:19:44.0943 3260	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:44.0991 3260	sffp_mmc - ok
18:19:44.0997 3260	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:19:45.0029 3260	sffp_sd - ok
18:19:45.0036 3260	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:19:45.0090 3260	sfloppy - ok
18:19:45.0174 3260	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:19:45.0225 3260	SharedAccess - ok
18:19:45.0311 3260	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:19:45.0329 3260	ShellHWDetection - ok
18:19:45.0343 3260	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:19:45.0357 3260	sisagp - ok
18:19:45.0379 3260	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:19:45.0392 3260	SiSRaid2 - ok
18:19:45.0417 3260	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:19:45.0431 3260	SiSRaid4 - ok
18:19:45.0797 3260	Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:19:45.0958 3260	Skype C2C Service - ok
18:19:46.0066 3260	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
18:19:46.0077 3260	SkypeUpdate - ok
18:19:46.0567 3260	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:19:46.0777 3260	slsvc - ok
18:19:46.0934 3260	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:19:46.0973 3260	SLUINotify - ok
18:19:47.0024 3260	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:19:47.0063 3260	Smb - ok
18:19:47.0106 3260	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:19:47.0121 3260	SNMPTRAP - ok
18:19:47.0144 3260	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:19:47.0158 3260	spldr - ok
18:19:47.0208 3260	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:19:47.0240 3260	Spooler - ok
18:19:47.0309 3260	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:19:47.0335 3260	srv - ok
18:19:47.0393 3260	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:19:47.0446 3260	srv2 - ok
18:19:47.0501 3260	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:47.0537 3260	srvnet - ok
18:19:47.0583 3260	sscebus         (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
18:19:47.0609 3260	sscebus - ok
18:19:47.0619 3260	sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
18:19:47.0629 3260	sscemdfl - ok
18:19:47.0659 3260	sscemdm         (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
18:19:47.0680 3260	sscemdm - ok
18:19:47.0742 3260	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:19:47.0799 3260	SSDPSRV - ok
18:19:47.0838 3260	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:19:47.0847 3260	ssmdrv - ok
18:19:47.0876 3260	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:19:47.0892 3260	SstpSvc - ok
18:19:47.0948 3260	Steam Client Service - ok
18:19:48.0025 3260	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:19:48.0088 3260	stisvc - ok
18:19:48.0121 3260	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:19:48.0134 3260	swenum - ok
18:19:48.0206 3260	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:19:48.0257 3260	swprv - ok
18:19:48.0296 3260	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:19:48.0308 3260	Symc8xx - ok
18:19:48.0330 3260	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:19:48.0342 3260	Sym_hi - ok
18:19:48.0358 3260	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:19:48.0370 3260	Sym_u3 - ok
18:19:48.0438 3260	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:19:48.0501 3260	SysMain - ok
18:19:48.0539 3260	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:19:48.0557 3260	TabletInputService - ok
18:19:48.0622 3260	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:19:48.0668 3260	TapiSrv - ok
18:19:48.0697 3260	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:19:48.0748 3260	TBS - ok
18:19:48.0925 3260	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:19:48.0976 3260	Tcpip - ok
18:19:48.0991 3260	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:49.0116 3260	Tcpip6 - ok
18:19:49.0174 3260	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:19:49.0188 3260	tcpipreg - ok
18:19:49.0226 3260	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:19:49.0266 3260	TDPIPE - ok
18:19:49.0302 3260	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:19:49.0327 3260	TDTCP - ok
18:19:49.0358 3260	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:19:49.0391 3260	tdx - ok
18:19:49.0782 3260	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
18:19:49.0927 3260	TeamViewer7 - ok
18:19:50.0130 3260	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:19:50.0144 3260	TermDD - ok
18:19:50.0231 3260	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:19:50.0301 3260	TermService - ok
18:19:50.0436 3260	TestHandler     (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
18:19:50.0461 3260	TestHandler ( UnsignedFile.Multi.Generic ) - warning
18:19:50.0461 3260	TestHandler - detected UnsignedFile.Multi.Generic (1)
18:19:50.0521 3260	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:19:50.0539 3260	Themes - ok
18:19:50.0569 3260	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:19:50.0595 3260	THREADORDER - ok
18:19:50.0624 3260	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:19:50.0653 3260	TrkWks - ok
18:19:50.0721 3260	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:19:50.0742 3260	TrustedInstaller - ok
18:19:50.0779 3260	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:50.0821 3260	tssecsrv - ok
18:19:50.0846 3260	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:19:50.0877 3260	tunmp - ok
18:19:50.0914 3260	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:50.0928 3260	tunnel - ok
18:19:50.0953 3260	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:19:50.0967 3260	uagp35 - ok
18:19:51.0029 3260	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:19:51.0065 3260	udfs - ok
18:19:51.0110 3260	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:19:51.0164 3260	UI0Detect - ok
18:19:51.0196 3260	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:19:51.0209 3260	uliagpkx - ok
18:19:51.0244 3260	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:19:51.0269 3260	uliahci - ok
18:19:51.0297 3260	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:19:51.0309 3260	UlSata - ok
18:19:51.0336 3260	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:19:51.0361 3260	ulsata2 - ok
18:19:51.0383 3260	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:19:51.0430 3260	umbus - ok
18:19:51.0483 3260	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:19:51.0532 3260	upnphost - ok
18:19:51.0554 3260	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:51.0589 3260	usbccgp - ok
18:19:51.0615 3260	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:19:51.0659 3260	usbcir - ok
18:19:51.0701 3260	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:51.0721 3260	usbehci - ok
18:19:51.0785 3260	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:51.0831 3260	usbhub - ok
18:19:51.0853 3260	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:19:51.0896 3260	usbohci - ok
18:19:51.0934 3260	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:19:51.0977 3260	usbprint - ok
18:19:52.0006 3260	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:52.0044 3260	USBSTOR - ok
18:19:52.0071 3260	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:52.0092 3260	usbuhci - ok
18:19:52.0129 3260	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:19:52.0173 3260	usbvideo - ok
18:19:52.0208 3260	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:19:52.0254 3260	UxSms - ok
18:19:52.0326 3260	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:19:52.0392 3260	vds - ok
18:19:52.0418 3260	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:52.0459 3260	vga - ok
18:19:52.0484 3260	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:19:52.0527 3260	VgaSave - ok
18:19:52.0566 3260	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:19:52.0580 3260	viaagp - ok
18:19:52.0596 3260	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:19:52.0621 3260	ViaC7 - ok
18:19:52.0635 3260	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:19:52.0649 3260	viaide - ok
18:19:52.0675 3260	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:19:52.0688 3260	volmgr - ok
18:19:52.0757 3260	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:19:52.0774 3260	volmgrx - ok
18:19:52.0834 3260	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:19:52.0850 3260	volsnap - ok
18:19:52.0878 3260	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:19:52.0903 3260	vsmraid - ok
18:19:53.0057 3260	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:19:53.0164 3260	VSS - ok
18:19:53.0249 3260	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:19:53.0276 3260	W32Time - ok
18:19:53.0323 3260	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:19:53.0365 3260	WacomPen - ok
18:19:53.0380 3260	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0426 3260	Wanarp - ok
18:19:53.0430 3260	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0453 3260	Wanarpv6 - ok
18:19:53.0529 3260	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:19:53.0553 3260	wcncsvc - ok
18:19:53.0586 3260	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:19:53.0610 3260	WcsPlugInService - ok
18:19:53.0617 3260	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:19:53.0630 3260	Wd - ok
18:19:53.0694 3260	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:19:53.0730 3260	Wdf01000 - ok
18:19:53.0789 3260	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0855 3260	WdiServiceHost - ok
18:19:53.0859 3260	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0888 3260	WdiSystemHost - ok
18:19:53.0997 3260	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:19:54.0044 3260	WebClient - ok
18:19:54.0097 3260	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:19:54.0137 3260	Wecsvc - ok
18:19:54.0170 3260	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:19:54.0215 3260	wercplsupport - ok
18:19:54.0306 3260	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:19:54.0329 3260	WerSvc - ok
18:19:54.0403 3260	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:19:54.0420 3260	WinDefend - ok
18:19:54.0437 3260	WinHttpAutoProxySvc - ok
18:19:54.0524 3260	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:19:54.0545 3260	Winmgmt - ok
18:19:54.0701 3260	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:19:54.0798 3260	WinRM - ok
18:19:54.0901 3260	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:19:54.0926 3260	Wlansvc - ok
18:19:55.0186 3260	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:55.0261 3260	wlidsvc - ok
18:19:55.0408 3260	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:19:55.0450 3260	WmiAcpi - ok
18:19:55.0547 3260	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:55.0581 3260	wmiApSrv - ok
18:19:55.0747 3260	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:19:55.0788 3260	WMPNetworkSvc - ok
18:19:55.0850 3260	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:19:55.0879 3260	WPCSvc - ok
18:19:55.0925 3260	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:19:55.0964 3260	WPDBusEnum - ok
18:19:56.0036 3260	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:19:56.0075 3260	WpdUsb - ok
18:19:56.0280 3260	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:19:56.0311 3260	WPFFontCache_v0400 - ok
18:19:56.0338 3260	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:56.0386 3260	ws2ifsl - ok
18:19:56.0439 3260	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:19:56.0481 3260	wscsvc - ok
18:19:56.0489 3260	WSearch - ok
18:19:56.0710 3260	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:19:56.0803 3260	wuauserv - ok
18:19:56.0934 3260	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:56.0959 3260	WUDFRd - ok
18:19:56.0989 3260	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:19:57.0029 3260	wudfsvc - ok
18:19:57.0063 3260	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:19:57.0566 3260	\Device\Harddisk0\DR0 - ok
18:19:57.0570 3260	Boot (0x1200)   (99facc3fea4ad7366d9755f936ef2d3b) \Device\Harddisk0\DR0\Partition0
18:19:57.0574 3260	\Device\Harddisk0\DR0\Partition0 - ok
18:19:57.0596 3260	Boot (0x1200)   (67abae8f8fb273417c4436ab0248a925) \Device\Harddisk0\DR0\Partition1
18:19:57.0598 3260	\Device\Harddisk0\DR0\Partition1 - ok
18:19:57.0598 3260	============================================================
18:19:57.0598 3260	Scan finished
18:19:57.0598 3260	============================================================
18:19:57.0612 4072	Detected object count: 12
18:19:57.0612 4072	Actual detected object count: 12
18:20:09.0454 4072	ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0454 4072	ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0459 4072	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0459 4072	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0461 4072	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0461 4072	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0464 4072	eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0464 4072	eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0466 4072	FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0466 4072	FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0469 4072	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0469 4072	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0472 4072	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0472 4072	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0475 4072	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0475 4072	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0478 4072	Norman ZANDA ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0478 4072	Norman ZANDA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0481 4072	NVOY ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0481 4072	NVOY ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0484 4072	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0484 4072	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:09.0486 4072	TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0486 4072	TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 

Oh right, the quick scan from MBAM is still missing; here it is:

HTML code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

03.08.2012 18:24:31
mbam-log-2012-08-03 (18-29-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166038
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)
__________________

Old 03.08.2012, 20:48   #4
Chris4You
 
"ATRAPS.gen" and "ATRAPS.gen2" Trojan Found

Hi,

a new variant (or leftovers); nobody detects it except GMER:
Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]

This is going to be interesting...

OSAM
Checks the programs/drivers that get started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Boot the computer into Safe Mode (F8 while booting).

Caution: In a few rare cases it can happen that the computer can no longer boot and has to be reinstalled!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with Combofix can take some time, so be patient. Please do not do anything on the computer during the scan.
It is possible that the computer will be restarted in between.
After the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt...

Also create and post a new OTL log...

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Old 04.08.2012, 14:24   #5
TimTobi
 
"ATRAPS.gen" and "ATRAPS.gen2" Trojan Found

So, first of all the OSAM text file:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:57:43 on 03.08.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"DriverEasy Scheduled Scan.job" - "Easeware" - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Gbp KernelMode" (GbpKm) - "GAS Tecnologia" - C:\Windows\System32\drivers\gbpkm.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{98C11555-BC81-40aa-A053-DAADC5630000} "GbExplorerPersistObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C41A1C0E-EA6C-11D4-B1B8-444553540000} "GbIehObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Gbp Service" (GbpSv) - " " - C:\PROGRA~1\GbPlugin\GbpSv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Program Files\Norman\Npm\Bin\Zanda.exe
"Norman's Very Own supplY of resources" (NVOY) - "Norman ASA" - C:\Program Files\Norman\npm\bin\nvoy.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
" GbPluginBb" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         

This is the ComboFix scan

ComboFix logfile:
Code:
ATTFilter
ComboFix 12-08-04.02 - Gabi 04.08.2012  14:59:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2936.1789 [GMT 0:00]
ausgeführt von:: c:\users\TimTobias\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - drivers: deleted 208 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PermissionResearch
c:\program files\PermissionResearch\prls.dll
c:\program files\PermissionResearch\prls64.dll
c:\program files\PermissionResearch\prmrsr64.exe
c:\program files\PermissionResearch\prservice.exe
c:\users\Gabi\AppData\Roaming\Uninstal.exe
c:\users\Juergen\AppData\Roaming\kikin
c:\users\Juergen\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_settings.xml
c:\users\Juergen\AppData\Roaming\Uninstal.exe
c:\users\TimTobias\AppData\Roaming\kikin
c:\users\TimTobias\AppData\Roaming\kikin\ie_configuration.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_kkes.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_settings.xml
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-04 bis 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-08-04 14:55 . 2012-08-04 14:55	12568	----a-w-	c:\windows\system32\drivers\PROCEXP113.SYS
2012-08-04 01:57 . 2012-08-04 01:57	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\offreg.dll
2012-08-03 09:34 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\mpengine.dll
2012-08-02 12:59 . 2012-08-02 12:59	--------	d-----w-	c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 21:41 . 2012-07-28 21:41	--------	d-----w-	c:\program files\THQ
2012-07-22 19:20 . 2012-08-03 18:38	--------	d-----w-	c:\program files\Steam
2012-07-18 23:48 . 2012-07-18 23:48	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-07-18 23:47 . 2012-07-18 23:47	--------	d-----w-	c:\users\Gabi\AppData\Local\PunkBuster
2012-07-18 22:53 . 2012-07-18 23:48	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 22:53 . 2012-07-18 22:53	138056	----a-w-	c:\users\Gabi\AppData\Roaming\PnkBstrK.sys
2012-07-18 22:52 . 2012-07-18 23:48	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-07-18 22:52 . 2012-07-18 22:52	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-07-18 22:52 . 2012-07-18 22:52	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-07-18 22:03 . 2012-07-18 22:03	--------	d-----w-	c:\program files\EA Games
2012-07-12 09:38 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 19:09 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:09 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 19:09 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 19:08 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:08 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 19:08 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-10 20:16 . 2012-07-10 20:16	--------	d-----w-	c:\program files\LogMeIn Hamachi
2012-07-08 23:47 . 2012-07-12 23:59	--------	d-----w-	c:\users\TimTobias\riotsGamesLogs
2012-07-05 18:45 . 2012-07-05 18:45	5030088	----a-w-	c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 16:56 . 2012-06-06 16:56	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-06 16:56 . 2010-12-28 19:41	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-24 13:00	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 13:00	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 12:59	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 12:59	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 13:00	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 13:00	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 12:59	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 15:19 . 2012-06-24 12:59	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 15:12 . 2012-06-24 12:59	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 12:25 . 2010-09-12 01:05	237072	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 09:01	1313864	----a-w-	c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 22:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25	268096	----a-w-	c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59	170520	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 12:29	1996200	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2007-12-17 12:37	273520	----a-w-	c:\program files\Norman\Npm\Bin\Zlh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-07-02 17:41	3093624	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00	145944	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23	443968	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-16 17:01	6253088	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 08:55	17148552	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01]
.
2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
MSConfigStartUp-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\Gabi\AppData\Roaming\Uninstal.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-04 15:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*]
"datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8,
   5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\
"rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(228)
c:\windows\system32\n
.
Zeit der Fertigstellung: 2012-08-04  15:09:54
ComboFix-quarantined-files.txt  2012-08-04 15:09
.
Vor Suchlauf: 6.341.738.496 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 65.036.894.208 Bytes frei
.
- - End Of File - - 693E43DDE12049DBEE14C875B5C24821
         
--- --- ---


By the way, Antivir hasn't reported anything about ATRAPS.gen for a long time now.

Regards, Tim

Sorry for the double post, but the "ATRAPS.gen" and "ATRAPS.gen2" trojan is still being found, and on top of that a message now often pops up saying "Hostprozesse für Windows-Dienste funktionieren nicht mehr" (Host Process for Windows Services has stopped working).


04.08.2012, 18:32   #6
Chris4You

"ATRAPS.gen" and "ATRAPS.gen2" trojan found

Hi,

once again the question about home-banking software: do you have any on the computer?
I would like to remove the "Banco do Brasil" driver...

ComboFix doesn't find the rootkit either, one more try with Hitman...
What exactly does the Avira message say?

Hitman
Download the matching version of Hitman (32/64-bit), run it and post the log.
ATTENTION: the firewall must be open for Hitman (be sure to allow access!)
Downloads - SurfRight
For the clean-up a temporary licence (30 days) can be ordered (there is a tab for it ;o)... . After the 30 days uninstall it; after that it won't remove anything any more (unless you buy a licence)...

chris

04.08.2012, 19:31   #7
TimTobi

"ATRAPS.gen" and "ATRAPS.gen2" trojan found

It can be deleted; a friend of mine must have installed that back then through using the bank.

And I ran HitmanPro, but didn't get a log. :/

It put ComboFix.exe into quarantine, and it removed a file under AppData\Local\"...." named N.

But I am still getting the messages from Avira. :/

05.08.2012, 19:39   #8
Chris4You

"ATRAPS.gen" and "ATRAPS.gen2" trojan found

Hi,

post the (exact) message from Avira.
The file that Hitman found should be this one:
c:\windows\system32\n

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Download ComboFix again from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and proceed as follows:

ComboFix script
Copy the following lines (without the quote!) into Windows Notepad (Start -> Programs -> Accessories -> Notepad)
and save the file on the desktop under the name "CFScript.txt" (without the quotation marks!).
Code:
ATTFilter
Folder::
c:\windows\system32\n
         
Then click CFScript.txt with the mouse, hold the button down and drop it onto the ComboFix icon
(release the mouse button; this is called "drag and drop" ;o).
ComboFix should now start and execute the script; post the ComboFix log!

chris
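Added example (editor's addition, not part of any post in this thread and not OTL or ComboFix code): a read-only Windows PowerShell audit of the persistence points the OTL fix above edits (Browser Helper Objects, Winlogon\Notify, ShellExecuteHooks) plus the HKLM/HKCU Run keys that appear in the OTL log. For each entry it resolves the DLL or EXE that Windows would load, checks that the file exists and shows its Authenticode signer, so a hook pointing at a missing file or an unsigned DLL in a logon hook stands out the way the gbieh.dll entries do in the logs. The registry paths are the standard Windows locations named in the OTL log; the function names (Get-PersistenceAudit and its helpers) are my own. It reports only and deletes nothing.

```powershell
# Added example, not from the thread: read-only audit of the registry persistence
# points that the OTL fix above edits, plus the Run keys from the OTL log.
# Run from an elevated Windows PowerShell prompt. Nothing is modified.

function Resolve-ImagePath {
    # Turn a registry command line ('"C:\x\y.exe" /min', 'C:\x\y.dll',
    # '%SystemRoot%\a.dll') into a bare file path; $null if there is nothing to resolve.
    param([string]$Raw)
    if ([string]::IsNullOrEmpty($Raw)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($s, '^(.+?\.(exe|dll|scr|ocx))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $s
}

function Get-FileStatus {
    # Report "MISSING", "NotSigned", "Valid [CN=...]" etc. for the file behind a registry value.
    param([string]$Raw)
    $path = Resolve-ImagePath $Raw
    if (-not $path) { return 'no path' }
    if (-not (Test-Path -LiteralPath $path)) { return "MISSING: $path" }
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { ' [' + $sig.SignerCertificate.Subject + ']' } else { '' }
    return "$($sig.Status)$signer $path"
}

function Get-InprocServerDll {
    # COM CLSID -> DLL path from the default value of HKCR\CLSID\{...}\InprocServer32.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) { return $props.'(default)' }
    return $null
}

function New-Finding {
    param([string]$Type, [string]$Name, [string]$Raw)
    # New-Object instead of [pscustomobject] keeps this usable on Windows PowerShell 2.0 (Vista era).
    New-Object PSObject -Property @{ Type = $Type; Name = $Name; Status = (Get-FileStatus $Raw) }
}

function Get-PersistenceAudit {
    $findings = @()

    # Browser Helper Objects: one subkey per CLSID; IE loads that CLSID's InprocServer32 DLL.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        foreach ($k in Get-ChildItem $bho) {
            $findings += New-Finding 'BHO' $k.PSChildName (Get-InprocServerDll $k.PSChildName)
        }
    }

    # Winlogon\Notify: each subkey's DllName is loaded by winlogon at logon (the hook the fix removes).
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (Test-Path $notify) {
        foreach ($k in Get-ChildItem $notify) {
            $findings += New-Finding 'WinlogonNotify' $k.PSChildName ((Get-ItemProperty $k.PSPath).DllName)
        }
    }

    # ShellExecuteHooks: value names are CLSIDs that Explorer instantiates before every ShellExecute.
    $hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (Test-Path $hooks) {
        foreach ($p in (Get-ItemProperty $hooks).PSObject.Properties) {
            if ($p.Name -like '{*}') {
                $findings += New-Finding 'ShellExecuteHook' $p.Name (Get-InprocServerDll $p.Name)
            }
        }
    }

    # Run keys for the machine and the current user.
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $run)) { continue }
        foreach ($p in (Get-ItemProperty $run).PSObject.Properties) {
            if ($p.Name -notlike 'PS*') {   # skip the provider's own PSPath/PSParentPath/... properties
                $findings += New-Finding 'Run' $p.Name ([string]$p.Value)
            }
        }
    }

    $findings | Select-Object Type, Name, Status | Sort-Object Type, Name
}

# Print the audit with missing or unsigned files listed first.
Get-PersistenceAudit |
    Sort-Object { $_.Status -match '^(MISSING|NotSigned)' } -Descending |
    Format-Table -AutoSize -Wrap
```

Entries whose file is MISSING are the "(File not found)" leftovers OTL also flags; an entry whose file exists but is NotSigned in Winlogon\Notify or ShellExecuteHooks deserves a second look, since legitimate software in those hooks is normally signed. The script is a triage aid, not a cleaner: removal of anything it surfaces still belongs to the OTL/ComboFix steps the helper posts.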

20.08.2012, 07:39   #9
TimTobi

"ATRAPS.gen" and "ATRAPS.gen2" trojan found

So, here I am again. Sorry that it took so long; I should maybe have mentioned that I was going on holiday.

I haven't had any alert for a very long time now.
But first of all the logs:


OTL
HTML-Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ deleted successfully.
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\ .
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
 
User: Gabi
->Temp folder emptied: 26192765 bytes
->Temporary Internet Files folder emptied: 9831521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 343 bytes
 
User: Juergen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TimTobias
->Temp folder emptied: 5063808 bytes
->Temporary Internet Files folder emptied: 38511378 bytes
->Java cache emptied: 2450390 bytes
->FireFox cache emptied: 120115216 bytes
->Flash cache emptied: 84165 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1310728193 bytes
RecycleBin emptied: 2064248 bytes
 
Total Files Cleaned = 1.445,00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 08202012_005649

Files\Folders moved on Reboot...
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
ComboFix
ComboFix logfile:
Code:
ATTFilter
ComboFix 12-08-18.03 - Gabi 20.08.2012   1:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2936.1887 [GMT 0:00]
ausgeführt von:: c:\users\TimTobias\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\TimTobias\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - drivers: deleted 208 bytes in 1 streams. 
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-20 bis 2012-08-20  ))))))))))))))))))))))))))))))
.
.
2012-08-20 01:36 . 2012-08-20 01:37	--------	d-----w-	c:\users\Gabi\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36	--------	d-----w-	c:\users\TimTobias\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36	--------	d-----w-	c:\users\Juergen\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-18 15:02 . 2012-08-18 15:02	--------	d-----w-	c:\users\TimTobias\AppData\Roaming\MAGIX
2012-08-18 15:01 . 2012-08-18 15:01	--------	d-----w-	c:\users\Gabi\AppData\Roaming\MAGIX
2012-08-18 14:55 . 2012-08-18 16:44	--------	d-----w-	c:\programdata\MAGIX
2012-08-18 14:54 . 2012-08-18 14:54	--------	d-----w-	c:\program files\MSXML 4.0
2012-08-18 14:30 . 2012-08-18 14:30	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2012-08-18 14:23 . 2012-08-18 14:23	--------	d-----w-	c:\users\TimTobias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-17 12:04 . 2012-08-18 13:27	--------	d-----w-	c:\programdata\ScreenVCR
2012-08-17 12:04 . 2012-08-17 12:04	--------	d-----w-	c:\program files\TotalScreenRecorder_Gold
2012-08-17 12:04 . 2003-08-27 15:43	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-08-17 12:04 . 2003-03-19 13:19	1060864	----a-w-	c:\windows\system32\MFC71.dll
2012-08-17 12:04 . 2003-02-21 20:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-08-17 11:50 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFCD025-3CDF-441C-95DB-ED17A7E4D126}\mpengine.dll
2012-08-15 12:30 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
2012-08-04 20:52 . 2012-08-04 20:52	--------	d-----w-	c:\programdata\RoboForm
2012-08-04 20:21 . 2012-08-04 20:21	--------	d-----w-	c:\program files\HitmanPro
2012-08-04 20:14 . 2012-08-04 20:14	27424	----a-w-	c:\windows\system32\drivers\hitmanpro36.sys
2012-08-04 20:06 . 2012-08-04 20:12	--------	d-----w-	c:\programdata\HitmanPro
2012-08-04 14:55 . 2012-08-20 01:21	12568	----a-w-	c:\windows\system32\drivers\PROCEXP113.SYS
2012-08-02 12:59 . 2012-08-02 12:59	--------	d-----w-	c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 21:41 . 2012-07-28 21:41	--------	d-----w-	c:\program files\THQ
2012-07-22 19:20 . 2012-08-20 01:00	--------	d-----w-	c:\program files\Steam
2012-07-21 07:11 . 2012-07-21 07:11	65536	----a-w-	c:\windows\system32\frapsvid.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 23:48 . 2012-07-18 22:53	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 23:48 . 2012-07-18 23:48	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-07-18 23:48 . 2012-07-18 22:52	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-07-18 22:53 . 2012-07-18 22:53	138056	----a-w-	c:\users\Gabi\AppData\Roaming\PnkBstrK.sys
2012-07-18 22:52 . 2012-07-18 22:52	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-07-18 22:52 . 2012-07-18 22:52	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-06-06 20:59 . 2012-06-06 20:59	1070152	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-06-06 16:56 . 2012-06-06 16:56	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-06 16:56 . 2010-12-28 19:41	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 19:09	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 19:09	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 19:08	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-24 13:00	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 13:00	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 12:59	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 12:59	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 13:00	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 13:00	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 12:59	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 15:19 . 2012-06-24 12:59	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 15:12 . 2012-06-24 12:59	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 19:08	278528	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 19:08	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-05-31 12:25 . 2010-09-12 01:05	237072	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 09:01	1313864	----a-w-	c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 22:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25	268096	----a-w-	c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59	170520	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 12:29	1996200	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2007-12-17 12:37	273520	----a-w-	c:\program files\Norman\Npm\Bin\Zlh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-07-02 17:41	3093624	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00	145944	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23	443968	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-16 17:01	6253088	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 08:55	17148552	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01]
.
2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-20 01:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*]
"datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8,
   5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\
"rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-20  01:42:35
ComboFix-quarantined-files.txt  2012-08-20 01:42
ComboFix2.txt  2012-08-04 15:09
.
Vor Suchlauf: 21 Verzeichnis(se), 32.421.163.008 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 48.373.886.976 Bytes frei
.
- - End Of File - - 9599920AF29709FBC0891EBB2DAF53B6
         
--- --- ---



Apart from that, I now have the problem that I can no longer edit my desktop. Whenever I move a desktop item and then refresh the desktop, the item jumps back to the left edge.
On Google I couldn't find a suitable solution, and/or it didn't help. I've also already tried playing around with the alignment and desktop settings.

Well, apologies again for not getting back to you for so long. I hope you didn't wait for me in vain. Hahaha

Regards, Tim

Old 20.08.2012, 08:05   #10
Chris4You

"ATRAPS.gen" and "ATRAPS.gen2" trojan found



Hi,

today is my last day here though, then I'm on holiday...

Create and post a new OTL log...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Old 20.08.2012, 12:21   #11
TimTobi

"ATRAPS.gen" and "ATRAPS.gen2" trojan found



Hehe, well then I guess I'll have to wait a bit too. Where are you going?

Anyway, here is the OTL log for now.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.08.2012 13:04:18 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\TimTobias\Desktop\Nette Progs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 69,23% Memory free
5,96 Gb Paging File | 4,92 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 26,89 Gb Free Space | 8,85% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 148,62 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\GbPlugin\gbpsv.exe ( )
PRC - C:\Users\TimTobias\Desktop\Nette Progs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M]
 
[2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions
[2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.08.04 15:07:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 01:42:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\temp
[2012.08.18 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\MAGIX
[2012.08.18 14:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.08.18 14:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.08.18 14:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.08.17 12:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ScreenVCR
[2012.08.17 12:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Screen Recorder Gold
[2012.08.17 12:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\TotalScreenRecorder_Gold
[2012.08.04 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012.08.04 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\My RoboForm Data
[2012.08.04 20:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.08.04 20:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.08.04 14:56:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.04 14:56:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.04 14:56:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.04 14:55:55 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2012.08.04 14:55:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.04 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 12:59:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 12:59:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 12:58:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 12:58:38 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.20 08:22:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.20 01:21:35 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2012.08.20 00:59:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 00:59:45 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.19 21:38:45 | 000,436,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.17 12:04:25 | 000,001,743 | ---- | M] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk
[2012.08.15 00:13:34 | 000,001,822 | ---- | M] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk
[2012.08.04 20:14:47 | 000,027,424 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.08.04 20:12:37 | 000,000,788 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.08.04 15:07:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.17 12:04:25 | 000,001,743 | ---- | C] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk
[2012.08.15 00:13:18 | 000,001,822 | ---- | C] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk
[2012.08.04 20:14:47 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.08.04 20:12:37 | 000,000,788 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.08.04 14:56:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.04 14:56:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.04 14:56:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.04 14:56:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.04 14:56:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.11 10:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,436,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini
 
========== LOP Check ==========
 
[2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft
[2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite
[2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware
[2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org
[2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech
[2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient
[2012.08.18 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\MAGIX
[2012.05.04 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software
[2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent
[2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib
[2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames
[2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job
[2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.20 00:58:47 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

Alt 22.08.2012, 11:53   #12
TimTobi

I have just been getting virus alerts again; here is exactly what AntiVir reports:

Alert 1
HTML code:
C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\80000000.@  
Ist das Trojanische Pferd TR/ATRAPS.Gen  Aktion: In Quarantäne verschieben
Alert 2
HTML code:
C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\800000cb.@
Ist das Trojanische Pferd TR/ATRAPS.Gen2  Aktion: In Quarantäne verschieben
On top of that, I had the well-known "Live Security Platinum" virus yesterday.
I was then able to delete it on the second boot with Anti-Malware and everything else; since then my desktop has been working again, and since then AntiVir has also been reporting the ATRAPS again.

Alt 06.09.2012, 16:03   #13
TimTobi

Well, I really couldn't wait any longer. I have now reinstalled my computer, "amilo recovery process" or something like that is what it was called.

I think that was the best thing I could do. Finally, yet another virus appeared, claiming that, because of child pornography, my computer had been locked by the BKA and I could unlock it again for 100 €.

Anyway, now everything runs smoothly. Many thanks for the help; if anything comes up again after all, I'll get back to you immediately.

Many thanks!!!!!

Alt 11.09.2012, 14:45   #14
Chris4You

Hi,

sorry, I was on vacation... I did try to get in here via Palm Pre, but I kept getting thrown out again right after logging in ("You do not have permission etc.")...

That was a rootkit that likes to show up together with "Live Security"...

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Alt 12.09.2012, 21:31   #15
TimTobi

No more notifications, and nothing else unusual either.

No problem.
