
Log Analysis and Evaluation: Deutsche Post Service e-mail; attachment opened (Trojan?)


19.01.2013, 14:32   #1
Andreas78
 

Deutsche Post Service e-mail; attachment opened (Trojan?)



Hello everyone.

As the title says, in a state of "mental confusion" I opened the ZIP file of a "Deutsche Post Service" e-mail.

"Dear customer,

Unfortunately our courier*+++ failed to deliver a postal item to your address.
Reason: an error in the delivery address.
You can collect your postal item in person at our postal department.
You should have this postal label printed in order to receive your postal item at the postal department.

Thank you!
Deutsche Post AG."
from "no_reply-525@buchloe.de"

I had this e-mail in the inbox of my online account at t-online. The attachment was a zip file, which I downloaded in order to unpack it on my computer. Out of habit I first checked it with AVIRA Internet Security 2012, with no warning.

On the "first" unpacking attempt an error message appeared, roughly: "unzip could not be executed because the path xyz is invalid". With great presence of mind I immediately tried again, with the same result.

Then I downloaded and installed 7-zip, in the "mistaken belief" that my ZIP software was not working.
Then the same game: download, unpacking attempt, error message.
After trying this once more, it finally occurred to me that I had seriously put my foot in it here.

I then found your forum via Google and read through some of the similar cases already posted here. Now I am hoping that someone here can give my system the all-clear.

I have run Malwarebytes, defogger, OTL and GMER (log files follow below). In addition I had Antivir Internet Security 2012 scan my complete system.

None of the tools found a warning or anything else.

Maybe it helps you with the log files. In OTL, under FILES/FOLDERS, the installation of 7-zip can be seen clearly: 18.01.2012, 18:53. That is, before and after that I tried to unpack the zip file.

I have deleted the zip file on my computer. I still have the e-mail including the zip file (online).
If it is needed, please briefly describe how and to whom I should forward it.

Malwarebytes logfile:
Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [administrator]

Protection: Enabled

18.01.2013 20:58:04
mbam-log-2013-01-18 (20-58-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327022
Time elapsed: 1 hour(s), 33 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile:
Code:
OTL logfile created on: 18.01.2013 23:17:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,15% Memory free
6,00 Gb Paging File | 4,08 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 242,56 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.18 23:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.15 13:45:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.09.19 15:27:56 | 001,100,680 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.08.13 17:48:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.30 18:50:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.07.20 13:01:51 | 014,134,784 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.05.28 13:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011.05.28 13:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.02.24 14:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.13 12:55:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.13 12:54:29 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.13 12:51:35 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013.01.13 12:51:13 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.01.13 12:51:09 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013.01.13 12:51:07 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013.01.13 12:50:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.13 12:50:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.13 12:50:09 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.13 12:50:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.13 12:50:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.13 12:49:49 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.13 12:49:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.13 12:49:15 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.13 12:49:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.13 12:48:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.13 12:48:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.13 12:48:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.13 12:48:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.13 12:48:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.12 17:57:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.12 17:57:05 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.12 17:56:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.12 17:56:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.12 17:56:32 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.12 17:56:20 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.05.28 13:47:00 | 000,127,376 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011.05.28 13:46:58 | 000,347,024 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011.05.28 13:46:58 | 000,179,088 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011.05.28 13:46:58 | 000,046,480 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2010.11.13 00:19:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 09:47:20 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.14 09:47:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.04 01:12:16 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012.12.04 01:12:16 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012.11.13 15:32:10 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.11.13 15:32:10 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.07.30 18:53:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.05.09 17:51:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 17:51:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.31 10:58:34 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.12.03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.02.05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.01.26 20:09:40 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 FC AA B3 53 3C CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DAFD5B58-85CE-4FF0-BDCA-4F57FA4BF57D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andreas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011.04.03 06:59:09 | 000,000,000 | ---D | M]
 
[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2443F6-C445-46A8-BA35-8501B93201D8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ArcticReporter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.18 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Stick
[2013.01.18 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2013.01.18 20:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.18 20:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.18 20:43:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.18 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.18 20:42:55 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Programs
[2013.01.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.18 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.16 20:00:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.30 12:54:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Telekom
[2012.12.30 12:54:00 | 000,457,336 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\System32\MDS_Uninstall.exe
[2012.12.30 12:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom
[2012.12.30 12:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom
[2012.12.30 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ElevatedDiagnostics
[2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012.12.25 10:46:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.18 23:22:53 | 000,472,749 | ---- | M] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv
[2013.01.18 23:16:26 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2013.01.18 21:19:57 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.18 21:19:57 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.18 21:19:57 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.18 21:19:57 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.18 20:44:29 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 20:44:29 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 20:43:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 20:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.18 20:36:00 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 18:33:07 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk
[2013.01.16 20:01:02 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.13 12:46:58 | 000,421,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.05 16:26:28 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.05 16:26:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2013.01.01 14:04:08 | 000,000,922 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
[2012.12.30 12:54:00 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Meine Dienste.lnk
[2012.12.30 10:42:26 | 000,001,053 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 10:42:04 | 000,001,025 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2012.12.25 10:46:37 | 000,001,063 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.12.25 10:46:19 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.18 23:16:26 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2013.01.18 21:24:47 | 000,472,749 | ---- | C] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv
[2013.01.18 20:43:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 12:54:00 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Meine Dienste.lnk
[2012.12.30 12:54:00 | 000,000,922 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
[2012.12.25 10:46:37 | 000,001,063 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.12.25 10:46:19 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.02.27 10:40:44 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.02.27 10:38:36 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.02.27 10:38:18 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011.04.03 06:58:41 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{CBC83C20-7F51-4867-8CFD-E55E5FA6877B}.dat
[2011.03.27 18:42:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.24 13:40:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\becker
[2013.01.18 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2012.01.21 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Haufe Mediengruppe
[2011.07.24 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IObit
[2010.08.15 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Lexware
[2010.08.15 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue
[2012.01.15 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Logfile "extras"?:
Code:
OTL Extras logfile created on: 18.01.2013 23:17:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,15% Memory free
6,00 Gb Paging File | 4,08 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 242,56 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E977C5-96DB-4032-9289-CFAAF63E25A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0615A8B2-D8B4-4899-983A-2BDDFAFBE02C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{360E4024-DA02-4F45-A91B-B6CE8FDCDCB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{389C62D5-2596-4FA4-A640-0ADD7B5889D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40AA739B-EF99-42B0-B92F-E6D6A250107C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4893262A-E606-4837-8127-EC1A4D67C8CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F6E1C88-6FD3-4D9B-934B-1B9ABAF5883F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57F130B6-0215-485C-A454-B57074E64ACB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{618FF688-3369-4298-80F2-F62463E0F01E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F8B8F18-0B5E-48A5-85EA-1BF9F0950B87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F8C59BA-2E6B-4860-ACFE-7DE03B2D4BC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BE5CCBD-359F-49B9-9431-F0F28D0FB163}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E5EAE7F-180F-411B-A176-718AA7749F25}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8726A51A-257E-4254-BD51-788816D14C09}" = rport=137 | protocol=17 | dir=out | app=system | 
"{93A120DE-F6AF-4BC8-99A3-08E94EFF317D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99DCD916-B83E-445A-B776-E6573BF82E9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF6D3409-EF12-48EB-8005-2E44A4A95690}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B7051344-1D0F-49BF-97D3-F8AAF0A5D2E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C99018A0-9EC2-4C9E-9751-DD6755B06261}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CB18B8C3-690D-420B-93BF-ACEF84F0024F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF1079A4-76D5-4158-839C-4E75BB6672BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D615C4FE-9B38-4983-B1BE-031C4EE69D8F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DB235EC6-99A6-438B-A4BA-EFFAED0344AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6A493FE-3C20-43D1-8E75-B308137505AD}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11FDB3FE-A8DE-42C9-82F8-CBBC66FFFCB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{307E300A-6739-46C9-8780-9D8E1DCF06F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{340375C7-7E53-44F2-A7EB-B1E7A497F83A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5429B0D2-2F46-44A7-B646-34DCE43EEB58}" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{552200B4-C59E-4474-A5F1-42670CE77658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{57CFFC62-8D1A-4D34-83A8-F77A513C7AB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E49D7F9-8245-40B9-89DA-35B53C579BF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FC8360F-D3D4-48B2-98CB-76734930D599}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{887EC8C9-01C0-4441-B23E-4274BAD53D0F}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{962DB5BE-3EB6-4D37-9D25-258BFE9822E6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BA94ADD4-5ADE-43F9-B740-87181FC1F69D}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{BEA222FE-B508-42F2-B4B1-9D144E4F3CE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C1E6741A-78B9-4D7A-B8D5-3971E9AB2747}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C6D9EEE7-B2CB-4729-BB59-EFCCF654FE66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CFB58312-4B8F-4F67-B5E4-5F2053535AFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D05EAD91-2832-4C52-AF9F-2EA506560AC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6452021-C45A-4B0A-92CA-B1BEBFD51D04}" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DC88D12C-A897-4A8D-A436-3D6271BF2F2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF65F043-2375-4B03-9F4C-32D9841BC832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2223F77-E660-4D30-BD33-83075FD5BD32}" = protocol=6 | dir=out | app=system | 
"{F2CFDFDA-5374-4D15-B66B-563ED79E0CD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F6581681-D975-442A-8700-D6688F87CE07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FE5E598A-8859-40F8-A6EF-DDB81515F3A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{87AFBA19-2CD4-444A-84D9-C65240C13606}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"TCP Query User{C5809F17-71D2-4E29-9A92-EB98F5310E5B}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F08C25F8-5DE8-4B79-87C2-4688FFD6ADFF}C:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe | 
"TCP Query User{FCD4FE47-BFDB-431B-8979-BF520C0FBCFC}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{440BD34E-C73E-4D8F-BDEB-87AF8D7D4F0D}C:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe | 
"UDP Query User{66480C7D-1BCB-421C-BEEA-D6E424848D0E}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{76C07919-F096-4D80-847D-7073A5D899D5}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{F919533B-0651-442A-BBD8-B952DD04C2C2}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}" = pdfforge Toolbar v6.3
"{C9CF5815-A175-46F2-A802-F49B9F6A580A}" = FormsForWeb® Filler 3.2
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Content Manager 2" = Content Manager 2
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Netzmanager" = Netzmanager
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"SystemRequirementsLab" = System Requirements Lab
"Video Journal_is1" = Video Journal Version 2.04
"VLC media player" = VLC media player 1.0.3
"ZonerPhotoStudio10_GER_is1" = Zoner Photo Studio 10
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.01.2013 18:30:56 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:56.231]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:30:57 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:57.775]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:30:59 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:59.320]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:00 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:00.864]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:02 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:02.408]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:03 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:03.953]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:05 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:05.513]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:07 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:07.057]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:08 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:08.602]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 18.01.2013 18:31:10 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:10.146]: [00003108]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ System Events ]
Error - 07.10.2012 02:31:54 | Computer Name = Andreas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.11.2012 13:16:30 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 29.11.2012 11:17:55 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 02.01.2013 11:38:44 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde
 unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 12.01.2013 09:19:03 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde
 unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 12.01.2013 12:50:16 | Computer Name = Andreas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.01.2013 17:33:11 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden.
 
Error - 18.01.2013 17:33:12 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden.
 
Error - 18.01.2013 17:33:12 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden.
 
Error - 18.01.2013 17:33:13 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden.
 
 
< End of report >
         
gmer logfile:
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-19 14:22:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys


---- System - GMER 2.0 ----

SSDT   8EA53076                                                                                                                      ZwCreateSection
SSDT   8EA5304E                                                                                                                      ZwCreateSymbolicLinkObject
SSDT   8EA53053                                                                                                                      ZwLoadDriver
SSDT   8EA53049                                                                                                                      ZwOpenSection
SSDT   8EA53080                                                                                                                      ZwRequestWaitReplyPort
SSDT   8EA5307B                                                                                                                      ZwSetContextThread
SSDT   8EA53085                                                                                                                      ZwSetSecurityObject
SSDT   8EA53058                                                                                                                      ZwSetSystemInformation
SSDT   8EA5308A                                                                                                                      ZwSystemDebugControl
SSDT   8EA53017                                                                                                                      ZwTerminateProcess
SSDT   8EA53012                                                                                                                      ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                      82C47A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                        82C814D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                           82C8862C 4 Bytes  [76, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                                           82C88634 4 Bytes  [4E, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                           82C88748 4 Bytes  [53, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                           82C887E4 4 Bytes  [49, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                           82C88988 4 Bytes  [80, 30, A5, 8E]
.text  ...                                                                                                                           
PAGE   peauth.sys                                                                                                                    9C561B9B 72 Bytes  [27, E8, 7F, A4, BD, B9, 83, ...]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] kernel32.dll!CreateThread                                               75E7DCC2 5 Bytes  JMP 64FD75DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] ADVAPI32.dll!RegSetValueExW                                             75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EnableWindow                                                 76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetAsyncKeyState                                             7644A256 5 Bytes  JMP 64FBDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CallNextHookEx                                               7644ABE1 5 Bytes  JMP 65037FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!UnhookWindowsHookEx                                          7644ADF9 5 Bytes  JMP 6505ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcA                                               7644BB1C 7 Bytes  JMP 64FD9805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExA                                              7644BF40 5 Bytes  JMP 64FE363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetWindowsHookExW                                            7644E30C 5 Bytes  JMP 650125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExW                                              7644EC7C 5 Bytes  JMP 650403CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetKeyState                                                  76452B4D 5 Bytes  JMP 64FBDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessageW                                             76454104 5 Bytes  JMP 65169A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcW                                               7645507D 7 Bytes  JMP 65038042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamA                                           76461F42 5 Bytes  JMP 651692E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessage                                              76462019 5 Bytes  JMP 65169A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamW                                              76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamA                                   7646721D 5 Bytes  JMP 65169358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamW                                   7646EA10 5 Bytes  JMP 65169390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamW                                      76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EndDialog                                                    76473BA3 5 Bytes  JMP 65169D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamW                                           76475630 5 Bytes  JMP 65169320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetKeyboardState                                             7647695A 5 Bytes  JMP 6516A341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SendInput                                                    76477019 5 Bytes  JMP 6516A2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetCursorPos                                                 7648C1B0 5 Bytes  JMP 6516A3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamA                                              7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamA                                      7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectA                                          7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectW                                          7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExA                                                7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExW                                                7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!keybd_event                                                  7649EC3B 5 Bytes  JMP 6516A2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!RealDriveType + 173D                                        7682FE30 4 Bytes  [CF, 01, E2, 72]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!RealDriveType + 1745                                        7682FE38 8 Bytes  [E0, 61, E1, 72, 79, F7, E1, ...] {LOOPNZ 0x63; LOOPZ 0x76; JNS 0xfffffffd; LOOPZ 0x7a}
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] ole32.dll!OleLoadFromStream                                             773E6143 5 Bytes  JMP 65169784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] ADVAPI32.dll!RegSetValueExW                                             75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] ADVAPI32.dll!RegSetValueW                                               75DAA68A 6 Bytes  JMP 7348155E C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!EnableWindow                                                 76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamW                                              76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamW                                      76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamA                                              7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamA                                      7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectA                                          7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectW                                          7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExA                                                7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExW                                                7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] kernel32.dll!CreateThread                                               75E7DCC2 5 Bytes  JMP 64FD75DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] ADVAPI32.dll!RegSetValueExW                                             75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!EnableWindow                                                 76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!GetAsyncKeyState                                             7644A256 5 Bytes  JMP 64FBDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CallNextHookEx                                               7644ABE1 5 Bytes  JMP 65037FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!UnhookWindowsHookEx                                          7644ADF9 5 Bytes  JMP 6505ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DefWindowProcA                                               7644BB1C 7 Bytes  JMP 64FD9805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateWindowExA                                              7644BF40 5 Bytes  JMP 64FE363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetWindowsHookExW                                            7644E30C 5 Bytes  JMP 650125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateWindowExW                                              7644EC7C 5 Bytes  JMP 650403CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!GetKeyState                                                  76452B4D 5 Bytes  JMP 64FBDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!IsDialogMessageW                                             76454104 5 Bytes  JMP 65169A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DefWindowProcW                                               7645507D 7 Bytes  JMP 65038042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogParamA                                           76461F42 5 Bytes  JMP 651692E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!IsDialogMessage                                              76462019 5 Bytes  JMP 65169A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxParamW                                              76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogIndirectParamA                                   7646721D 5 Bytes  JMP 65169358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogIndirectParamW                                   7646EA10 5 Bytes  JMP 65169390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxIndirectParamW                                      76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!EndDialog                                                    76473BA3 5 Bytes  JMP 65169D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogParamW                                           76475630 5 Bytes  JMP 65169320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetKeyboardState                                             7647695A 5 Bytes  JMP 6516A341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SendInput                                                    76477019 5 Bytes  JMP 6516A2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetCursorPos                                                 7648C1B0 5 Bytes  JMP 6516A3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxParamA                                              7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxIndirectParamA                                      7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxIndirectA                                          7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxIndirectW                                          7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxExA                                                7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxExW                                                7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!keybd_event                                                  7649EC3B 5 Bytes  JMP 6516A2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] SHELL32.dll!RealDriveType + 173D                                        7682FE30 4 Bytes  [CF, 01, E2, 72]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] SHELL32.dll!RealDriveType + 1745                                        7682FE38 8 Bytes  [E0, 61, E1, 72, 79, F7, E1, ...] {LOOPNZ 0x63; LOOPZ 0x76; JNS 0xfffffffd; LOOPZ 0x7a}
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] ole32.dll!OleLoadFromStream                                             773E6143 5 Bytes  JMP 65169784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ffwp\OpenWithProgids@Lucom GmbH.FormsForWeb\xae Filler 3.2  

---- EOF - GMER 2.0 ----
         
Many thanks for your help.

Alt 19.01.2013, 14:53   #2
markusg
/// Malware-holic
 
Hi
Do you still have the mail? If so, forward it to me as described in my signature.
Please forward suspicious mails to us for analysis in the future as well.
If you read the mail carefully, it is obvious that it can only be a fake; just look at the wording in it...

Alt 19.01.2013, 17:17   #3
Andreas78
 
Hi.

I have sent the e-mail to virus@trojaner-board.de.

Subject: Andreas78 - Deutsche Post Service

The original is attached as a 7-zip archive.

Is that OK?

Hi.
I have also forwarded the e-mail to you directly.

Evening regards.

Alt 19.01.2013, 19:14   #4
markusg
/// Malware-holic
 
OK.
If you do not already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the following content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 20.01.2013, 10:26   #5
Andreas78
 
Hi.

I have run OTL.
The system was offline; Avira (firewall, ...), Malware (...) and all other visible programs were closed or deactivated during the Quick Scan.
They are now active again.

OTL reported only one log file, "OTL.txt". A new log file "Extra.txt" was not created by OTL.

OTL logfile:
Code:
ATTFilter
OTL logfile created on: 20.01.2013 10:44:13 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,26% Memory free
6,00 Gb Paging File | 4,89 Gb Available in Paging File | 81,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 242,61 Gb Free Space | 81,39% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.18 23:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe
PRC - [2012.12.15 13:45:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.19 15:27:56 | 001,100,680 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.08.13 17:48:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.30 18:50:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 13:47:00 | 000,127,376 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.04 01:12:16 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012.12.04 01:12:16 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012.11.13 15:32:10 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.11.13 15:32:10 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.07.30 18:53:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.05.09 17:51:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 17:51:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.31 10:58:34 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.12.03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.02.05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.01.26 20:09:40 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 FC AA B3 53 3C CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DAFD5B58-85CE-4FF0-BDCA-4F57FA4BF57D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andreas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011.04.03 06:59:09 | 000,000,000 | ---D | M]
 
[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2443F6-C445-46A8-BA35-8501B93201D8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ArcticReporter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{B0680657-3DC9-4D53-A3BA-720B36A114A1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.18 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Stick
[2013.01.18 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2013.01.18 20:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.18 20:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.18 20:43:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.18 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.18 20:42:55 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Programs
[2013.01.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.18 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.16 20:00:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.30 12:54:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Telekom
[2012.12.30 12:54:00 | 000,457,336 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\System32\MDS_Uninstall.exe
[2012.12.30 12:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom
[2012.12.30 12:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom
[2012.12.30 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ElevatedDiagnostics
[2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012.12.25 10:46:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.20 10:23:14 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 10:23:14 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 10:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.20 10:15:15 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.19 18:02:09 | 000,007,607 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Resmon.ResmonCfg
[2013.01.18 23:48:39 | 000,575,749 | ---- | M] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv
[2013.01.18 23:16:26 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2013.01.18 21:19:57 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.18 21:19:57 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.18 21:19:57 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.18 21:19:57 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.18 20:43:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 18:33:07 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk
[2013.01.16 20:01:02 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.13 12:46:58 | 000,421,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.05 16:26:28 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.05 16:26:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2013.01.01 14:04:08 | 000,000,922 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
[2012.12.30 12:54:00 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Meine Dienste.lnk
[2012.12.30 10:42:26 | 000,001,053 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 10:42:04 | 000,001,025 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2012.12.25 10:46:37 | 000,001,063 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.12.25 10:46:19 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.19 18:02:09 | 000,007,607 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Resmon.ResmonCfg
[2013.01.18 23:16:26 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2013.01.18 21:24:47 | 000,575,749 | ---- | C] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv
[2013.01.18 20:43:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 12:54:00 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Meine Dienste.lnk
[2012.12.30 12:54:00 | 000,000,922 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
[2012.12.25 10:46:37 | 000,001,063 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.12.25 10:46:19 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.02.27 10:40:44 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.02.27 10:38:36 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.02.27 10:38:18 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011.04.03 06:58:41 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{CBC83C20-7F51-4867-8CFD-E55E5FA6877B}.dat
[2011.03.27 18:42:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.24 13:40:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\becker
[2013.01.20 10:18:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2012.01.21 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Haufe Mediengruppe
[2011.07.24 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IObit
[2010.08.15 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Lexware
[2010.08.15 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue
[2012.01.15 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.17 12:29:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.26 14:30:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.01.18 20:35:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.02.04 21:36:49 | 000,000,000 | ---D | M] -- C:\Daten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.08.15 09:13:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.11 19:41:41 | 000,000,000 | ---D | M] -- C:\Firefox
[2011.03.27 19:31:34 | 000,000,000 | ---D | M] -- C:\Medion
[2010.08.16 17:21:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.08.15 09:56:20 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.18 20:43:11 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.18 20:43:13 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.15 09:13:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.15 09:13:10 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.20 10:47:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.15 09:13:22 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.15 13:20:33 | 000,000,000 | ---D | M] -- C:\Windows
[2011.07.25 17:54:46 | 000,000,000 | ---D | M] -- C:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF}
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.18 23:16:26 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2013.01.20 11:07:59 | 002,621,440 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat
[2013.01.20 11:07:59 | 000,262,144 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG1
[2010.08.15 09:13:24 | 000,000,000 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG2
[2010.08.15 09:15:16 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.15 09:15:16 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 09:15:16 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 09:04:30 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat{7a788a38-3b61-11e1-b300-001f1606c28b}.TM.blf
[2012.01.10 09:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat{7a788a38-3b61-11e1-b300-001f1606c28b}.TMContainer00000000000000000001.regtrans-ms
[2012.01.10 09:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat{7a788a38-3b61-11e1-b300-001f1606c28b}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 09:13:24 | 000,000,020 | -HS- | M] () -- C:\Users\Andreas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


Hope that was right.


Alt 20.01.2013, 13:51   #6
markusg
/// Malware-holic
 
Hi
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose skip for now, post the log
open c:, open tdsskiller-date-version.txt, post its contents

Alt 20.01.2013, 15:27   #7
Andreas78
 
Hi.

Ran TDSSKiller (offline, all other programs closed).

Code:
16:19:03.0861 4820  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:19:03.0908 4820  ============================================================
16:19:03.0908 4820  Current date / time: 2013/01/20 16:19:03.0908
16:19:03.0908 4820  SystemInfo:
16:19:03.0908 4820  
16:19:03.0908 4820  OS Version: 6.1.7601 ServicePack: 1.0
16:19:03.0908 4820  Product type: Workstation
16:19:03.0908 4820  ComputerName: ANDREAS-PC
16:19:03.0908 4820  UserName: Andreas
16:19:03.0908 4820  Windows directory: C:\Windows
16:19:03.0908 4820  System windows directory: C:\Windows
16:19:03.0908 4820  Processor architecture: Intel x86
16:19:03.0908 4820  Number of processors: 2
16:19:03.0908 4820  Page size: 0x1000
16:19:03.0908 4820  Boot type: Normal boot
16:19:03.0908 4820  ============================================================
16:19:05.0187 4820  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:19:05.0265 4820  ============================================================
16:19:05.0265 4820  \Device\Harddisk0\DR0:
16:19:05.0265 4820  MBR partitions:
16:19:05.0265 4820  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E000
16:19:05.0265 4820  ============================================================
16:19:05.0280 4820  C: <-> \Device\Harddisk0\DR0\Partition1
16:19:05.0280 4820  ============================================================
16:19:05.0280 4820  Initialize success
16:19:05.0280 4820  ============================================================
16:20:38.0163 5448  ============================================================
16:20:38.0163 5448  Scan started
16:20:38.0163 5448  Mode: Manual; SigCheck; TDLFS; 
16:20:38.0163 5448  ============================================================
16:20:39.0598 5448  ================ Scan system memory ========================
16:20:39.0598 5448  System memory - ok
16:20:39.0598 5448  ================ Scan services =============================
16:20:39.0941 5448  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:20:40.0097 5448  1394ohci - ok
16:20:40.0144 5448  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:20:40.0175 5448  ACPI - ok
16:20:40.0207 5448  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:20:40.0285 5448  AcpiPmi - ok
16:20:40.0363 5448  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:20:40.0425 5448  adp94xx - ok
16:20:40.0456 5448  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:20:40.0503 5448  adpahci - ok
16:20:40.0534 5448  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:20:40.0565 5448  adpu320 - ok
16:20:40.0721 5448  [ 18BA414C06B667FA2CB48DC3E27C8F97 ] AdvancedSystemCareService C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
16:20:40.0784 5448  AdvancedSystemCareService ( UnsignedFile.Multi.Generic ) - warning
16:20:40.0784 5448  AdvancedSystemCareService - detected UnsignedFile.Multi.Generic (1)
16:20:40.0831 5448  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:20:40.0909 5448  AeLookupSvc - ok
16:20:40.0955 5448  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:20:41.0049 5448  AFD - ok
16:20:41.0080 5448  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:20:41.0111 5448  agp440 - ok
16:20:41.0158 5448  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:20:41.0189 5448  aic78xx - ok
16:20:41.0236 5448  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:20:41.0314 5448  ALG - ok
16:20:41.0330 5448  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:20:41.0361 5448  aliide - ok
16:20:41.0392 5448  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:20:41.0423 5448  amdagp - ok
16:20:41.0455 5448  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:20:41.0470 5448  amdide - ok
16:20:41.0533 5448  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:20:41.0595 5448  AmdK8 - ok
16:20:41.0611 5448  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:20:41.0673 5448  AmdPPM - ok
16:20:41.0735 5448  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:20:41.0767 5448  amdsata - ok
16:20:41.0813 5448  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:20:41.0845 5448  amdsbs - ok
16:20:41.0860 5448  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:20:41.0891 5448  amdxata - ok
16:20:42.0001 5448  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
16:20:42.0047 5448  AntiVirFirewallService - ok
16:20:42.0110 5448  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
16:20:42.0141 5448  AntiVirMailService - ok
16:20:42.0188 5448  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:20:42.0219 5448  AntiVirSchedulerService - ok
16:20:42.0281 5448  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:20:42.0297 5448  AntiVirService - ok
16:20:42.0344 5448  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:20:42.0375 5448  AntiVirWebService - ok
16:20:42.0437 5448  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:20:42.0593 5448  AppID - ok
16:20:42.0640 5448  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:20:42.0718 5448  AppIDSvc - ok
16:20:42.0749 5448  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:20:42.0812 5448  Appinfo - ok
16:20:42.0921 5448  [ 52AD9ED5BD05E7801AF5EFD99652C74F ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
16:20:42.0968 5448  Application Updater - ok
16:20:43.0015 5448  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:20:43.0030 5448  arc - ok
16:20:43.0046 5448  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:20:43.0077 5448  arcsas - ok
16:20:43.0108 5448  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:43.0264 5448  AsyncMac - ok
16:20:43.0311 5448  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:20:43.0342 5448  atapi - ok
16:20:43.0436 5448  [ BEFE54E9BC648A3C79C917A63B6EE7DA ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
16:20:43.0545 5448  ATSwpWDF - ok
16:20:43.0607 5448  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:20:43.0685 5448  AudioEndpointBuilder - ok
16:20:43.0732 5448  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:20:43.0795 5448  Audiosrv - ok
16:20:43.0841 5448  [ 43380A10AE4B76EE2F8AE1A4467D09CE ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
16:20:43.0919 5448  avfwim - ok
16:20:43.0966 5448  [ 42D9D5AA9EA8816215DE5876C6284141 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
16:20:44.0044 5448  avfwot - ok
16:20:44.0091 5448  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:20:44.0153 5448  avgntflt - ok
16:20:44.0200 5448  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:20:44.0278 5448  avipbb - ok
16:20:44.0309 5448  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:20:44.0387 5448  avkmgr - ok
16:20:44.0434 5448  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:20:44.0528 5448  AxInstSV - ok
16:20:44.0575 5448  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:20:44.0699 5448  b06bdrv - ok
16:20:44.0840 5448  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:20:44.0887 5448  b57nd60x - ok
16:20:44.0965 5448  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:20:45.0027 5448  BDESVC - ok
16:20:45.0043 5448  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:20:45.0121 5448  Beep - ok
16:20:45.0199 5448  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:20:45.0292 5448  BFE - ok
16:20:45.0339 5448  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:20:45.0433 5448  BITS - ok
16:20:45.0479 5448  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:20:45.0542 5448  blbdrive - ok
16:20:45.0604 5448  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:20:45.0667 5448  bowser - ok
16:20:45.0682 5448  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:20:45.0791 5448  BrFiltLo - ok
16:20:45.0807 5448  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:20:45.0854 5448  BrFiltUp - ok
16:20:45.0916 5448  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:20:45.0979 5448  Browser - ok
16:20:46.0010 5448  [ 7FDC0A90C231874253C0F4AC4343E288 ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
16:20:46.0025 5448  BrSerIb - ok
16:20:46.0057 5448  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:20:46.0135 5448  Brserid - ok
16:20:46.0181 5448  [ 1A5FC78E41840EDF79D65EC16EFF2787 ] BrSerIf         C:\Windows\system32\Drivers\BrSerIf.sys
16:20:46.0244 5448  BrSerIf - ok
16:20:46.0275 5448  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:20:46.0337 5448  BrSerWdm - ok
16:20:46.0369 5448  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:20:46.0415 5448  BrUsbMdm - ok
16:20:46.0478 5448  [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer        C:\Windows\system32\Drivers\BrUsbSer.sys
16:20:46.0525 5448  BrUsbSer - ok
16:20:46.0571 5448  [ F5390255C73F8CB4995BDC687555FD19 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
16:20:46.0603 5448  BrUsbSIb - ok
16:20:46.0634 5448  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:20:46.0681 5448  BTHMODEM - ok
16:20:46.0743 5448  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:20:46.0821 5448  bthserv - ok
16:20:46.0852 5448  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:20:46.0946 5448  cdfs - ok
16:20:47.0024 5448  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:20:47.0071 5448  cdrom - ok
16:20:47.0117 5448  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:20:47.0211 5448  CertPropSvc - ok
16:20:47.0258 5448  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:20:47.0289 5448  circlass - ok
16:20:47.0320 5448  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:20:47.0367 5448  CLFS - ok
16:20:47.0445 5448  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:47.0476 5448  clr_optimization_v2.0.50727_32 - ok
16:20:47.0554 5448  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:20:47.0601 5448  clr_optimization_v4.0.30319_32 - ok
16:20:47.0632 5448  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:20:47.0663 5448  CmBatt - ok
16:20:47.0695 5448  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:20:47.0726 5448  cmdide - ok
16:20:47.0851 5448  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:20:47.0897 5448  CNG - ok
16:20:47.0929 5448  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:20:47.0944 5448  Compbatt - ok
16:20:48.0007 5448  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:20:48.0038 5448  CompositeBus - ok
16:20:48.0069 5448  COMSysApp - ok
16:20:48.0085 5448  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:20:48.0116 5448  crcdisk - ok
16:20:48.0163 5448  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:20:48.0256 5448  CryptSvc - ok
16:20:48.0319 5448  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:20:48.0412 5448  DcomLaunch - ok
16:20:48.0459 5448  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:20:48.0553 5448  defragsvc - ok
16:20:48.0599 5448  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:20:48.0677 5448  DfsC - ok
16:20:48.0740 5448  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:20:48.0818 5448  Dhcp - ok
16:20:48.0865 5448  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:20:48.0943 5448  discache - ok
16:20:48.0989 5448  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:20:49.0021 5448  Disk - ok
16:20:49.0067 5448  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:20:49.0145 5448  Dnscache - ok
16:20:49.0208 5448  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:20:49.0286 5448  dot3svc - ok
16:20:49.0364 5448  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:20:49.0442 5448  Dot4 - ok
16:20:49.0473 5448  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:20:49.0520 5448  Dot4Print - ok
16:20:49.0535 5448  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:20:49.0613 5448  dot4usb - ok
16:20:49.0691 5448  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:20:49.0801 5448  DPS - ok
16:20:49.0894 5448  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:20:49.0972 5448  drmkaud - ok
16:20:50.0019 5448  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:20:50.0081 5448  DXGKrnl - ok
16:20:50.0144 5448  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:20:50.0237 5448  EapHost - ok
16:20:50.0362 5448  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:20:50.0549 5448  ebdrv - ok
16:20:50.0596 5448  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:20:50.0674 5448  EFS - ok
16:20:50.0768 5448  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:20:50.0861 5448  ehRecvr - ok
16:20:50.0908 5448  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:20:50.0986 5448  ehSched - ok
16:20:51.0049 5448  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:20:51.0111 5448  elxstor - ok
16:20:51.0127 5448  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:20:51.0173 5448  ErrDev - ok
16:20:51.0236 5448  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:20:51.0329 5448  EventSystem - ok
16:20:51.0485 5448  [ 8597822F0E0EAA61A9FFD18778828792 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:20:51.0532 5448  EvtEng - ok
16:20:51.0579 5448  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:20:51.0688 5448  exfat - ok
16:20:51.0719 5448  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:20:51.0797 5448  fastfat - ok
16:20:51.0875 5448  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:20:51.0969 5448  Fax - ok
16:20:52.0000 5448  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:20:52.0047 5448  fdc - ok
16:20:52.0109 5448  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:20:52.0187 5448  fdPHost - ok
16:20:52.0219 5448  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:20:52.0312 5448  FDResPub - ok
16:20:52.0343 5448  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:20:52.0375 5448  FileInfo - ok
16:20:52.0390 5448  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:20:52.0468 5448  Filetrace - ok
16:20:52.0515 5448  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:20:52.0562 5448  flpydisk - ok
16:20:52.0609 5448  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:20:52.0640 5448  FltMgr - ok
16:20:52.0718 5448  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:20:52.0796 5448  FontCache - ok
16:20:52.0905 5448  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:20:52.0921 5448  FontCache3.0.0.0 - ok
16:20:52.0952 5448  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:20:52.0983 5448  FsDepends - ok
16:20:53.0030 5448  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:20:53.0045 5448  Fs_Rec - ok
16:20:53.0092 5448  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:20:53.0139 5448  fvevol - ok
16:20:53.0201 5448  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:20:53.0233 5448  gagp30kx - ok
16:20:53.0279 5448  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:20:53.0373 5448  gpsvc - ok
16:20:53.0420 5448  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:20:53.0482 5448  hcw85cir - ok
16:20:53.0529 5448  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:20:53.0576 5448  HdAudAddService - ok
16:20:53.0607 5448  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:20:53.0654 5448  HDAudBus - ok
16:20:53.0685 5448  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:20:53.0732 5448  HidBatt - ok
16:20:53.0763 5448  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:20:53.0825 5448  HidBth - ok
16:20:53.0872 5448  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:20:53.0919 5448  HidIr - ok
16:20:53.0950 5448  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:20:54.0044 5448  hidserv - ok
16:20:54.0091 5448  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:20:54.0122 5448  HidUsb - ok
16:20:54.0153 5448  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:20:54.0231 5448  hkmsvc - ok
16:20:54.0293 5448  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:20:54.0387 5448  HomeGroupListener - ok
16:20:54.0418 5448  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:20:54.0465 5448  HomeGroupProvider - ok
16:20:54.0512 5448  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:20:54.0543 5448  HpSAMD - ok
16:20:54.0605 5448  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:20:54.0668 5448  HTTP - ok
16:20:54.0715 5448  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:20:54.0730 5448  hwpolicy - ok
16:20:54.0777 5448  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:20:54.0824 5448  i8042prt - ok
16:20:54.0949 5448  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:20:54.0995 5448  iaStorV - ok
16:20:55.0214 5448  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:20:55.0245 5448  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:20:55.0245 5448  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:20:55.0323 5448  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:20:55.0401 5448  idsvc - ok
16:20:55.0463 5448  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:20:55.0479 5448  iirsp - ok
16:20:55.0541 5448  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:20:55.0635 5448  IKEEXT - ok
16:20:55.0682 5448  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:20:55.0713 5448  intelide - ok
16:20:55.0729 5448  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:20:55.0760 5448  intelppm - ok
16:20:55.0807 5448  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:20:55.0869 5448  IPBusEnum - ok
16:20:55.0900 5448  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:20:55.0978 5448  IpFilterDriver - ok
16:20:56.0025 5448  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:20:56.0103 5448  iphlpsvc - ok
16:20:56.0134 5448  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:20:56.0181 5448  IPMIDRV - ok
16:20:56.0228 5448  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:20:56.0306 5448  IPNAT - ok
16:20:56.0353 5448  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:20:56.0399 5448  IRENUM - ok
16:20:56.0415 5448  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:20:56.0446 5448  isapnp - ok
16:20:56.0493 5448  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:20:56.0524 5448  iScsiPrt - ok
16:20:56.0587 5448  [ 637898B8EE8C0CC3342C61A49E3FF088 ] JL2005C         C:\Windows\system32\Drivers\jl2005c.sys
16:20:56.0618 5448  JL2005C ( UnsignedFile.Multi.Generic ) - warning
16:20:56.0618 5448  JL2005C - detected UnsignedFile.Multi.Generic (1)
16:20:56.0665 5448  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:20:56.0680 5448  kbdclass - ok
16:20:56.0727 5448  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:20:56.0789 5448  kbdhid - ok
16:20:56.0821 5448  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:20:56.0852 5448  KeyIso - ok
16:20:56.0883 5448  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:20:56.0914 5448  KSecDD - ok
16:20:56.0930 5448  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:20:56.0961 5448  KSecPkg - ok
16:20:57.0008 5448  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:20:57.0101 5448  KtmRm - ok
16:20:57.0133 5448  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:20:57.0195 5448  LanmanServer - ok
16:20:57.0242 5448  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:20:57.0304 5448  LanmanWorkstation - ok
16:20:57.0367 5448  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:20:57.0445 5448  lltdio - ok
16:20:57.0491 5448  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:20:57.0554 5448  lltdsvc - ok
16:20:57.0585 5448  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:20:57.0632 5448  lmhosts - ok
16:20:57.0679 5448  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:20:57.0710 5448  LSI_FC - ok
16:20:57.0741 5448  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:20:57.0772 5448  LSI_SAS - ok
16:20:57.0772 5448  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:20:57.0803 5448  LSI_SAS2 - ok
16:20:57.0835 5448  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:20:57.0866 5448  LSI_SCSI - ok
16:20:57.0897 5448  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:20:57.0959 5448  luafv - ok
16:20:58.0022 5448  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:20:58.0084 5448  MBAMProtector - ok
16:20:58.0162 5448  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:20:58.0193 5448  MBAMScheduler - ok
16:20:58.0256 5448  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:20:58.0303 5448  MBAMService - ok
16:20:58.0349 5448  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:20:58.0381 5448  Mcx2Svc - ok
16:20:58.0396 5448  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:20:58.0427 5448  megasas - ok
16:20:58.0474 5448  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:20:58.0505 5448  MegaSR - ok
16:20:58.0537 5448  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:20:58.0615 5448  MMCSS - ok
16:20:58.0646 5448  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:20:58.0693 5448  Modem - ok
16:20:58.0724 5448  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:20:58.0771 5448  monitor - ok
16:20:58.0817 5448  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:20:58.0849 5448  mouclass - ok
16:20:58.0880 5448  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:20:58.0927 5448  mouhid - ok
16:20:58.0958 5448  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:20:58.0989 5448  mountmgr - ok
16:20:59.0020 5448  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:20:59.0051 5448  mpio - ok
16:20:59.0083 5448  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:20:59.0161 5448  mpsdrv - ok
16:20:59.0207 5448  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:20:59.0301 5448  MpsSvc - ok
16:20:59.0332 5448  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:20:59.0379 5448  MRxDAV - ok
16:20:59.0441 5448  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:20:59.0504 5448  mrxsmb - ok
16:20:59.0551 5448  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:20:59.0597 5448  mrxsmb10 - ok
16:20:59.0613 5448  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:20:59.0660 5448  mrxsmb20 - ok
16:20:59.0707 5448  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:20:59.0722 5448  msahci - ok
16:20:59.0738 5448  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:20:59.0769 5448  msdsm - ok
16:20:59.0816 5448  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:20:59.0863 5448  MSDTC - ok
16:20:59.0909 5448  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:20:59.0972 5448  Msfs - ok
16:20:59.0987 5448  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:21:00.0065 5448  mshidkmdf - ok
16:21:00.0112 5448  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:21:00.0128 5448  msisadrv - ok
16:21:00.0221 5448  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:21:00.0253 5448  MSiSCSI - ok
16:21:00.0268 5448  msiserver - ok
16:21:00.0299 5448  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:21:00.0362 5448  MSKSSRV - ok
16:21:00.0377 5448  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:00.0580 5448  MSPCLOCK - ok
16:21:00.0611 5448  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:21:00.0689 5448  MSPQM - ok
16:21:00.0736 5448  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:21:00.0767 5448  MsRPC - ok
16:21:00.0783 5448  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:21:00.0814 5448  mssmbios - ok
16:21:00.0845 5448  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:21:00.0892 5448  MSTEE - ok
16:21:00.0908 5448  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:21:00.0955 5448  MTConfig - ok
16:21:00.0986 5448  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:21:01.0001 5448  Mup - ok
16:21:01.0048 5448  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:21:01.0126 5448  napagent - ok
16:21:01.0189 5448  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:21:01.0220 5448  NativeWifiP - ok
16:21:01.0298 5448  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:21:01.0360 5448  NDIS - ok
16:21:01.0391 5448  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:21:01.0469 5448  NdisCap - ok
16:21:01.0501 5448  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:01.0579 5448  NdisTapi - ok
16:21:01.0610 5448  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:01.0688 5448  Ndisuio - ok
16:21:01.0735 5448  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:01.0797 5448  NdisWan - ok
16:21:01.0844 5448  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:21:01.0922 5448  NDProxy - ok
16:21:01.0953 5448  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:21:02.0015 5448  NetBIOS - ok
16:21:02.0078 5448  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:21:02.0140 5448  NetBT - ok
16:21:02.0156 5448  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:21:02.0187 5448  Netlogon - ok
16:21:02.0234 5448  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:21:02.0327 5448  Netman - ok
16:21:02.0343 5448  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:21:02.0421 5448  netprofm - ok
16:21:02.0452 5448  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:02.0483 5448  NetTcpPortSharing - ok
16:21:02.0717 5448  [ 72466ACB50784545689EAD2473003CB5 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
16:21:03.0061 5448  netw5v32 - ok
16:21:03.0263 5448  [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
16:21:03.0357 5448  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
16:21:03.0357 5448  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
16:21:03.0404 5448  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:21:03.0435 5448  nfrd960 - ok
16:21:03.0482 5448  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:21:03.0529 5448  NlaSvc - ok
16:21:03.0560 5448  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:21:03.0622 5448  Npfs - ok
16:21:03.0653 5448  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:21:03.0716 5448  nsi - ok
16:21:03.0731 5448  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:21:03.0809 5448  nsiproxy - ok
16:21:03.0903 5448  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:21:03.0997 5448  Ntfs - ok
16:21:04.0028 5448  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:21:04.0075 5448  Null - ok
16:21:04.0433 5448  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:21:05.0057 5448  nvlddmkm - ok
16:21:05.0120 5448  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:21:05.0151 5448  nvraid - ok
16:21:05.0338 5448  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:21:05.0385 5448  nvstor - ok
16:21:05.0432 5448  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:21:05.0510 5448  nvsvc - ok
16:21:05.0541 5448  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:21:05.0572 5448  nv_agp - ok
16:21:05.0666 5448  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:21:05.0713 5448  ohci1394 - ok
16:21:05.0791 5448  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:05.0822 5448  ose - ok
16:21:05.0993 5448  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:21:06.0243 5448  osppsvc - ok
16:21:06.0290 5448  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:21:06.0368 5448  p2pimsvc - ok
16:21:06.0383 5448  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:21:06.0430 5448  p2psvc - ok
16:21:06.0461 5448  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:21:06.0524 5448  Parport - ok
16:21:06.0571 5448  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:21:06.0602 5448  partmgr - ok
16:21:06.0617 5448  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:21:06.0664 5448  Parvdm - ok
16:21:06.0711 5448  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:21:06.0742 5448  PcaSvc - ok
16:21:06.0789 5448  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:21:06.0820 5448  pci - ok
16:21:06.0851 5448  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:21:06.0867 5448  pciide - ok
16:21:06.0914 5448  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:06.0945 5448  pcmcia - ok
16:21:06.0961 5448  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:21:06.0992 5448  pcw - ok
16:21:07.0039 5448  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:21:07.0148 5448  PEAUTH - ok
16:21:07.0257 5448  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:21:07.0397 5448  pla - ok
16:21:07.0444 5448  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:21:07.0538 5448  PlugPlay - ok
16:21:07.0585 5448  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:21:07.0647 5448  PNRPAutoReg - ok
16:21:07.0678 5448  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:21:07.0709 5448  PNRPsvc - ok
16:21:07.0741 5448  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:21:07.0834 5448  PolicyAgent - ok
16:21:07.0897 5448  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:21:07.0959 5448  Power - ok
16:21:08.0006 5448  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:21:08.0068 5448  PptpMiniport - ok
16:21:08.0084 5448  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:21:08.0131 5448  Processor - ok
16:21:08.0193 5448  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:21:08.0271 5448  ProfSvc - ok
16:21:08.0287 5448  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:21:08.0318 5448  ProtectedStorage - ok
16:21:08.0349 5448  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:21:08.0411 5448  Psched - ok
16:21:08.0474 5448  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:21:08.0567 5448  ql2300 - ok
16:21:08.0583 5448  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:21:08.0614 5448  ql40xx - ok
16:21:08.0661 5448  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:21:08.0723 5448  QWAVE - ok
16:21:08.0755 5448  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:21:08.0786 5448  QWAVEdrv - ok
16:21:08.0817 5448  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:21:08.0879 5448  RasAcd - ok
16:21:08.0926 5448  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:21:09.0004 5448  RasAgileVpn - ok
16:21:09.0035 5448  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:21:09.0098 5448  RasAuto - ok
16:21:09.0113 5448  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:09.0191 5448  Rasl2tp - ok
16:21:09.0238 5448  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:21:09.0316 5448  RasMan - ok
16:21:09.0347 5448  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:09.0425 5448  RasPppoe - ok
16:21:09.0488 5448  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:21:09.0550 5448  RasSstp - ok
16:21:09.0597 5448  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:21:09.0675 5448  rdbss - ok
16:21:09.0706 5448  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:21:09.0737 5448  rdpbus - ok
16:21:09.0769 5448  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:09.0831 5448  RDPCDD - ok
16:21:09.0878 5448  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:21:09.0956 5448  RDPENCDD - ok
16:21:09.0971 5448  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:21:10.0034 5448  RDPREFMP - ok
16:21:10.0049 5448  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:21:10.0127 5448  RDPWD - ok
16:21:10.0190 5448  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:21:10.0221 5448  rdyboost - ok
16:21:10.0315 5448  [ 7AFCBE32616E08D45E4EAADB0A1DD5CF ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:21:10.0346 5448  RegSrvc - ok
16:21:10.0377 5448  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:21:10.0455 5448  RemoteAccess - ok
16:21:10.0517 5448  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:21:10.0658 5448  RemoteRegistry - ok
16:21:10.0829 5448  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:21:10.0923 5448  RpcEptMapper - ok
16:21:10.0970 5448  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:21:11.0017 5448  RpcLocator - ok
16:21:11.0063 5448  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:21:11.0126 5448  RpcSs - ok
16:21:11.0173 5448  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:21:11.0251 5448  rspndr - ok
16:21:11.0313 5448  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:21:11.0360 5448  RTL8167 - ok
16:21:11.0391 5448  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:21:11.0422 5448  SamSs - ok
16:21:11.0453 5448  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:21:11.0485 5448  sbp2port - ok
16:21:11.0516 5448  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:21:11.0594 5448  SCardSvr - ok
16:21:11.0625 5448  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:21:11.0687 5448  scfilter - ok
16:21:11.0750 5448  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:21:11.0859 5448  Schedule - ok
16:21:11.0890 5448  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:21:11.0953 5448  SCPolicySvc - ok
16:21:11.0999 5448  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:21:12.0077 5448  SDRSVC - ok
16:21:12.0124 5448  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:21:12.0202 5448  secdrv - ok
16:21:12.0233 5448  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:21:12.0311 5448  seclogon - ok
16:21:12.0343 5448  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:21:12.0421 5448  SENS - ok
16:21:12.0467 5448  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:21:12.0530 5448  SensrSvc - ok
16:21:12.0545 5448  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:21:12.0608 5448  Serenum - ok
16:21:12.0639 5448  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:21:12.0686 5448  Serial - ok
16:21:12.0733 5448  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:21:12.0764 5448  sermouse - ok
16:21:12.0795 5448  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:21:12.0873 5448  SessionEnv - ok
16:21:12.0920 5448  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:21:12.0982 5448  sffdisk - ok
16:21:13.0013 5448  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:21:13.0045 5448  sffp_mmc - ok
16:21:13.0076 5448  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:21:13.0107 5448  sffp_sd - ok
16:21:13.0138 5448  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:21:13.0185 5448  sfloppy - ok
16:21:13.0232 5448  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:21:13.0310 5448  SharedAccess - ok
16:21:13.0357 5448  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:21:13.0419 5448  ShellHWDetection - ok
16:21:13.0481 5448  [ 93BEACC3815A4653A655C8BD7622FF63 ] Si3531          C:\Windows\system32\DRIVERS\Si3531.sys
16:21:13.0559 5448  Si3531 - ok
16:21:13.0591 5448  [ 165448BC832D424B97270C8D1276E24A ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
16:21:13.0653 5448  SiFilter - ok
16:21:13.0669 5448  [ 9BE8EA3A8C7E6D47E710F6FA14B7442B ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
16:21:13.0731 5448  SiRemFil - ok
16:21:13.0762 5448  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:21:13.0793 5448  sisagp - ok
16:21:13.0856 5448  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:21:13.0887 5448  SiSRaid2 - ok
16:21:13.0918 5448  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:21:13.0949 5448  SiSRaid4 - ok
16:21:14.0027 5448  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:21:14.0043 5448  SkypeUpdate - ok
16:21:14.0074 5448  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:21:14.0137 5448  Smb - ok
16:21:14.0199 5448  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:21:14.0230 5448  SNMPTRAP - ok
16:21:14.0246 5448  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:21:14.0277 5448  spldr - ok
16:21:14.0308 5448  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:21:14.0402 5448  Spooler - ok
16:21:14.0527 5448  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:21:14.0651 5448  sppsvc - ok
16:21:14.0745 5448  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:21:14.0823 5448  sppuinotify - ok
16:21:14.0854 5448  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:21:14.0932 5448  srv - ok
16:21:14.0948 5448  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:21:15.0010 5448  srv2 - ok
16:21:15.0026 5448  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:21:15.0057 5448  srvnet - ok
16:21:15.0088 5448  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:21:15.0151 5448  SSDPSRV - ok
16:21:15.0182 5448  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:21:15.0197 5448  ssmdrv - ok
16:21:15.0213 5448  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:21:15.0291 5448  SstpSvc - ok
16:21:15.0338 5448  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:21:15.0369 5448  stexstor - ok
16:21:15.0416 5448  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:21:15.0494 5448  StiSvc - ok
16:21:15.0525 5448  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:21:15.0556 5448  swenum - ok
16:21:15.0587 5448  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:21:15.0665 5448  swprv - ok
16:21:15.0743 5448  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:21:15.0806 5448  SysMain - ok
16:21:15.0853 5448  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:21:15.0915 5448  TabletInputService - ok
16:21:16.0040 5448  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:21:16.0102 5448  TapiSrv - ok
16:21:16.0118 5448  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:21:16.0196 5448  TBS - ok
16:21:16.0289 5448  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:21:16.0399 5448  Tcpip - ok
16:21:16.0445 5448  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:21:16.0508 5448  TCPIP6 - ok
16:21:16.0555 5448  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:21:16.0586 5448  tcpipreg - ok
16:21:16.0648 5448  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:21:16.0695 5448  TDPIPE - ok
16:21:16.0742 5448  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:21:16.0789 5448  TDTCP - ok
16:21:16.0835 5448  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:21:16.0913 5448  tdx - ok
16:21:17.0007 5448  [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
16:21:17.0085 5448  TelekomNM3 - ok
16:21:17.0116 5448  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:21:17.0147 5448  TermDD - ok
16:21:17.0194 5448  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:21:17.0257 5448  TermService - ok
16:21:17.0288 5448  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:21:17.0319 5448  Themes - ok
16:21:17.0335 5448  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:21:17.0397 5448  THREADORDER - ok
16:21:17.0428 5448  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:21:17.0506 5448  TrkWks - ok
16:21:17.0569 5448  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:21:17.0647 5448  TrustedInstaller - ok
16:21:17.0693 5448  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:17.0771 5448  tssecsrv - ok
16:21:17.0818 5448  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:21:17.0896 5448  TsUsbFlt - ok
16:21:17.0959 5448  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:21:18.0037 5448  tunnel - ok
16:21:18.0083 5448  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:21:18.0115 5448  uagp35 - ok
16:21:18.0146 5448  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:21:18.0224 5448  udfs - ok
16:21:18.0271 5448  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:21:18.0333 5448  UI0Detect - ok
16:21:18.0395 5448  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:21:18.0411 5448  uliagpkx - ok
16:21:18.0473 5448  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:21:18.0505 5448  umbus - ok
16:21:18.0536 5448  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:21:18.0567 5448  UmPass - ok
16:21:18.0598 5448  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:21:18.0661 5448  upnphost - ok
16:21:18.0723 5448  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:21:18.0770 5448  usbaudio - ok
16:21:18.0817 5448  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:18.0879 5448  usbccgp - ok
16:21:18.0926 5448  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:21:18.0973 5448  usbcir - ok
16:21:19.0004 5448  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:21:19.0035 5448  usbehci - ok
16:21:19.0082 5448  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:21:19.0144 5448  usbhub - ok
16:21:19.0175 5448  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:21:19.0222 5448  usbohci - ok
16:21:19.0269 5448  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:21:19.0300 5448  usbprint - ok
16:21:19.0331 5448  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:21:19.0394 5448  usbscan - ok
16:21:19.0425 5448  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:21:19.0456 5448  USBSTOR - ok
16:21:19.0503 5448  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:21:19.0534 5448  usbuhci - ok
16:21:19.0581 5448  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:21:19.0612 5448  usbvideo - ok
16:21:19.0643 5448  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:21:19.0706 5448  UxSms - ok
16:21:19.0737 5448  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:21:19.0753 5448  VaultSvc - ok
16:21:19.0799 5448  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:21:19.0831 5448  vdrvroot - ok
16:21:19.0862 5448  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:21:19.0940 5448  vds - ok
16:21:19.0987 5448  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:20.0033 5448  vga - ok
16:21:20.0033 5448  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:21:20.0096 5448  VgaSave - ok
16:21:20.0158 5448  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:21:20.0189 5448  vhdmp - ok
16:21:20.0221 5448  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:21:20.0252 5448  viaagp - ok
16:21:20.0283 5448  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:21:20.0330 5448  ViaC7 - ok
16:21:20.0361 5448  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:21:20.0377 5448  viaide - ok
16:21:20.0408 5448  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:21:20.0439 5448  volmgr - ok
16:21:20.0470 5448  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:21:20.0501 5448  volmgrx - ok
16:21:20.0533 5448  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:21:20.0564 5448  volsnap - ok
16:21:20.0595 5448  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:21:20.0626 5448  vsmraid - ok
16:21:20.0689 5448  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:21:20.0782 5448  VSS - ok
16:21:20.0813 5448  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:21:20.0907 5448  vwifibus - ok
16:21:21.0032 5448  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:21:21.0110 5448  W32Time - ok
16:21:21.0203 5448  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:21:21.0250 5448  WacomPen - ok
16:21:21.0313 5448  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:21:21.0375 5448  WANARP - ok
16:21:21.0391 5448  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:21:21.0437 5448  Wanarpv6 - ok
16:21:21.0500 5448  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:21:21.0593 5448  wbengine - ok
16:21:21.0625 5448  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:21:21.0656 5448  WbioSrvc - ok
16:21:21.0703 5448  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:21:21.0781 5448  wcncsvc - ok
16:21:21.0812 5448  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:21:21.0874 5448  WcsPlugInService - ok
16:21:21.0921 5448  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:21:21.0952 5448  Wd - ok
16:21:21.0999 5448  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:21:22.0046 5448  Wdf01000 - ok
16:21:22.0077 5448  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:21:22.0155 5448  WdiServiceHost - ok
16:21:22.0155 5448  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:21:22.0202 5448  WdiSystemHost - ok
16:21:22.0233 5448  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:21:22.0311 5448  WebClient - ok
16:21:22.0358 5448  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:21:22.0420 5448  Wecsvc - ok
16:21:22.0436 5448  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:21:22.0514 5448  wercplsupport - ok
16:21:22.0576 5448  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:21:22.0639 5448  WerSvc - ok
16:21:22.0701 5448  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:21:22.0763 5448  WfpLwf - ok
16:21:22.0779 5448  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:21:22.0810 5448  WIMMount - ok
16:21:22.0873 5448  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:21:22.0951 5448  WinDefend - ok
16:21:22.0951 5448  WinHttpAutoProxySvc - ok
16:21:23.0044 5448  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:21:23.0122 5448  Winmgmt - ok
16:21:23.0200 5448  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:21:23.0325 5448  WinRM - ok
16:21:23.0419 5448  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:21:23.0512 5448  Wlansvc - ok
16:21:23.0559 5448  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:21:23.0606 5448  WmiAcpi - ok
16:21:23.0668 5448  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:21:23.0699 5448  wmiApSrv - ok
16:21:23.0793 5448  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:21:23.0855 5448  WMPNetworkSvc - ok
16:21:23.0887 5448  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:21:23.0949 5448  WPCSvc - ok
16:21:23.0980 5448  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:21:24.0043 5448  WPDBusEnum - ok
16:21:24.0074 5448  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:21:24.0152 5448  ws2ifsl - ok
16:21:24.0183 5448  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:21:24.0245 5448  wscsvc - ok
16:21:24.0245 5448  WSearch - ok
16:21:24.0339 5448  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:21:24.0433 5448  wuauserv - ok
16:21:24.0479 5448  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:21:24.0542 5448  WudfPf - ok
16:21:24.0557 5448  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:24.0620 5448  WUDFRd - ok
16:21:24.0667 5448  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:21:24.0729 5448  wudfsvc - ok
16:21:24.0760 5448  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:21:24.0807 5448  WwanSvc - ok
16:21:24.0838 5448  ================ Scan global ===============================
16:21:24.0869 5448  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:21:24.0901 5448  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:21:24.0932 5448  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:21:24.0963 5448  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:21:24.0994 5448  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:21:25.0010 5448  [Global] - ok
16:21:25.0010 5448  ================ Scan MBR ==================================
16:21:25.0025 5448  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:21:25.0462 5448  \Device\Harddisk0\DR0 - ok
16:21:25.0462 5448  ================ Scan VBR ==================================
16:21:25.0462 5448  [ 9823588BE07DD425CA349A4ABDFA4AB7 ] \Device\Harddisk0\DR0\Partition1
16:21:25.0462 5448  \Device\Harddisk0\DR0\Partition1 - ok
16:21:25.0478 5448  ============================================================
16:21:25.0478 5448  Scan finished
16:21:25.0478 5448  ============================================================
16:21:25.0493 3704  Detected object count: 4
16:21:25.0493 3704  Actual detected object count: 4
16:22:17.0067 3704  AdvancedSystemCareService ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:17.0067 3704  AdvancedSystemCareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:17.0067 3704  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:17.0067 3704  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:17.0083 3704  JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:17.0083 3704  JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:17.0083 3704  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:17.0083 3704  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:22:22.0902 2364  Deinitialize success
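The TDSSKiller log above has one line per driver or service (MD5, name, path), a status line for each, and closes with the detections and the action the user chose. As an added example, not a tool from the thread or from Kaspersky, the Python script below parses that format and pulls out what a helper checks first: entries with no "ok" status, code loaded from outside C:\Windows, and detections whose verdict is only UnsignedFile.Multi.Generic (a file without a digital signature, which is not by itself a sign of malware). The sample lines are constructed in the log's format; "exampledrv" with an all-zero hash is a placeholder that deliberately has no status line.

```python
"""Triage helper for TDSSKiller-style scan logs.

Added example for this thread, not a tool from Trojaner-Board or Kaspersky.
It parses the three line shapes seen in the log (module line with MD5 and
path, per-module status line, detection/verdict line) and answers the
questions a helper asks first: what is not 'ok', which drivers live outside
the Windows directory, and which detections are only 'unsigned'.
"""
import re
from dataclasses import dataclass

# "HH:MM:SS.ffff <pid>  <body>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "[ MD5 ] name    path"
MODULE_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
# "name ( Verdict ) - action"
DETECT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# "name - ok" (or another status)
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>.+)$")


@dataclass
class Module:
    name: str
    md5: str
    path: str
    status: str = "no status"   # stays this way if the log never reports one


def parse_log(text):
    """Return ({name: Module}, [(name, verdict, action), ...])."""
    modules, detections = {}, []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line["body"].strip()
        mm = MODULE_RE.match(body)
        if mm:
            modules[mm["name"]] = Module(mm["name"], mm["md5"], mm["path"].strip())
            continue
        dm = DETECT_RE.match(body)
        if dm:
            detections.append((dm["name"].strip(), dm["verdict"], dm["action"].strip()))
            continue
        sm = STATUS_RE.match(body)
        if sm and sm["name"] in modules:
            modules[sm["name"]].status = sm["status"].strip()
    return modules, detections


def not_ok(modules):
    """Module names whose status line is missing or anything other than 'ok'."""
    return sorted(n for n, m in modules.items() if m.status != "ok")


def outside_windows(modules, system_root="C:\\Windows"):
    """Drivers/services loaded from outside the Windows directory (third-party code)."""
    root = system_root.lower()
    return sorted(n for n, m in modules.items() if not m.path.lower().startswith(root))


def unsigned_only(detections):
    """Names flagged only because the file carries no digital signature."""
    return sorted({n for n, v, _ in detections if v == "UnsignedFile.Multi.Generic"})


# Constructed sample in the log's format: most lines copy entries from the
# thread; 'exampledrv' with an all-zero MD5 is a placeholder with no status line.
SAMPLE_LOG = r"""
16:21:16.0289 5448  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:21:16.0399 5448  Tcpip - ok
16:21:17.0007 5448  [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
16:21:17.0085 5448  TelekomNM3 - ok
16:21:18.0000 5448  [ 00000000000000000000000000000000 ] exampledrv      C:\Windows\system32\DRIVERS\exampledrv.sys
16:21:22.0951 5448  WinHttpAutoProxySvc - ok
16:21:25.0493 3704  Detected object count: 4
16:22:17.0067 3704  AdvancedSystemCareService ( UnsignedFile.Multi.Generic ) - skipped by user
16:22:17.0067 3704  AdvancedSystemCareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:17.0083 3704  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    mods, dets = parse_log(SAMPLE_LOG)
    print("not ok:", not_ok(mods))
    print("outside Windows:", outside_windows(mods))
    print("unsigned only:", unsigned_only(dets))
```

Running it on a full log pasted into SAMPLE_LOG gives three short lists to look at instead of two thousand lines; third-party drivers such as TelekomNM3 are exactly the ones worth checking against the vendor, and the unsigned-only list tells you which of the "detections" need no action unless the file itself is unknown.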
         

20.01.2013, 15:28   #8
markusg
/// Malware-holic

Hi,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: Should you receive the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

20.01.2013, 16:05   #9
Andreas78

Hi.

I ran ComboFix.

Combofix Logfile:
Code:
ComboFix 13-01-17.04 - Andreas 20.01.2013  16:45:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3070.1973 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\win
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-20 bis 2013-01-20  ))))))))))))))))))))))))))))))
.
.
2013-01-20 15:52 . 2013-01-20 15:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-20 15:11 . 2013-01-20 15:11	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B6FFD2C-E67F-4832-82F3-F63029663850}\offreg.dll
2013-01-18 19:43 . 2013-01-18 19:43	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Malwarebytes
2013-01-18 19:43 . 2013-01-18 19:43	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-18 19:43 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-18 19:43 . 2013-01-18 19:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-18 19:42 . 2013-01-18 19:42	--------	d-----w-	c:\users\Andreas\AppData\Local\Programs
2013-01-18 17:53 . 2013-01-18 17:53	--------	d-----w-	c:\program files\7-Zip
2013-01-18 17:28 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B6FFD2C-E67F-4832-82F3-F63029663850}\mpengine.dll
2013-01-12 16:12 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-12 16:12 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-12 16:10 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-12 16:10 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-12 16:10 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-12 16:06 . 2012-11-30 04:47	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-30 11:54 . 2012-12-30 11:54	--------	d-----w-	c:\users\Andreas\AppData\Local\Telekom
2012-12-30 11:54 . 2012-03-01 11:51	457336	----a-w-	c:\windows\system32\MDS_Uninstall.exe
2012-12-30 11:53 . 2012-12-30 11:53	--------	d-----w-	c:\program files\Telekom
2012-12-30 10:42 . 2012-12-30 10:42	--------	d-----w-	c:\users\Andreas\AppData\Local\ElevatedDiagnostics
2012-12-25 09:46 . 2012-12-25 09:46	--------	d-----w-	c:\program files\Netzmanager
2012-12-25 09:46 . 2012-12-25 09:46	--------	dc-h--w-	c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-21 10:08	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:08	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-15 12:45 . 2012-04-15 12:16	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-15 12:45 . 2011-07-24 07:28	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 00:12 . 2012-12-04 00:12	78960	----a-w-	c:\windows\system32\drivers\BrSerIb.sys
2012-12-04 00:12 . 2012-12-04 00:12	18800	----a-w-	c:\windows\system32\drivers\BrUsbSib.sys
2012-11-14 02:09 . 2012-12-14 19:04	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 19:04	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 19:04	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 19:04	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 19:04	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 19:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 14:32 . 2012-07-30 17:56	92008	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-11-13 14:32 . 2012-07-30 17:56	112584	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-11-09 04:42 . 2012-12-14 18:54	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-14 18:54	376832	----a-w-	c:\windows\system32\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50	154728	----a-w-	c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-09-19 1100680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe [2012-12-30 269944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 64818531
*Deregistered* - 64818531
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/br/ie9_startpage
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar IE8\uitb.dll
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2276)
c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Zeit der Fertigstellung: 2013-01-20  16:54:26
ComboFix-quarantined-files.txt  2013-01-20 15:54
.
Vor Suchlauf: 10 Verzeichnis(se), 263.789.682.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 264.325.050.368 Bytes frei
.
- - End Of File - - C9C909C97C9F6B728D44C5FD98225C27
         
--- --- ---

I just saw in the log file that MS Defender was still active. Is that a problem?

20.01.2013, 16:21   #10
markusg
/// Malware-holic

OK, that all fits.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt, open it.
Behind every program you need, write "notwendig" (needed).
Behind every program you don't need, "unnötig" (unneeded).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.

20.01.2013, 16:51   #11
Andreas78

Hi.

Apparently I have quite a bit installed that I don't know or don't need.

Question: which is better, Chrome or IE?

Code:
7-Zip 9.20		18.01.2013		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	15.12.2012	6,00MB	11.5.502.135, notwendig
Adobe Reader 9.5.3 - Deutsch	Adobe Systems Incorporated	16.01.2013	118MB	9.5.3, notwendig
Advanced SystemCare 4	IObit	24.07.2011	68,3MB	4.0.1, unnötig (war Demo Version)
AuthenTec TrueSuite	AuthenTec, Inc.	15.08.2010	6,54MB	2.0.0.57, unbekannt
Avira Internet Security 2012	Avira	13.11.2012	135MB	12.1.9.1197 notwendig
Avira SearchFree Toolbar plus Web Protection	Ask.com	18.01.2013	6,24MB	1.15.13.0, unbekannt
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	18.01.2013		1.3.0.23930, unbekannt
Brother BRAdmin Light 1.18.0001	Brother	15.08.2010		1.18.0001, notwendig
Brother MFL-Pro Suite MFC-6490CW	Brother Industries, Ltd.	15.08.2010		1.0.1.0, notwendig
CCleaner	Piriform	19.12.2012		3.26, unbekannt
Content Manager 2	Harman Becker Automotive Systems	24.10.2010		2.0.4.62, notwendig
Die ersten 10 Jahre		18.12.2011		1.00.0000, unnötig
Driver Whiz	Driver Whiz	27.03.2011	9,99MB	8.0.1, unbekannt
Dropbox	Dropbox, Inc.	30.12.2012		1.6.11, notwendig
FormsForWeb® Filler 3.2	Lucom GmbH	07.10.2012	11,4MB	3.2, unnötig
Google Chrome	Google Inc.	20.01.2013		24.0.1312.52, (was ist sicherer: Chome oder IE?)
Google Toolbar for Internet Explorer	Google Inc.	20.01.2013		7.4.3607.2246, unbekannt
Haufe iDesk-Browser	Haufe-Lexware GmbH & Co. KG	21.01.2012	26,7MB	10.10.14.0000, notwendig
Haufe iDesk-Service	Haufe	21.01.2012	137MB	11.07.19.8023, notwendig
Intel(R) PROSet/Wireless WiFi-Software	Intel Corporation	15.08.2010	96,2MB	13.02.1000, unbekannt
Java(TM) 6 Update 37	Oracle	05.08.2012	95,6MB	6.0.370, unbekannt
Lexware buchhalter 2012	Haufe-Lexware GmbH & Co.KG	20.04.2012	316MB	17.02.00.0185, notwendig
Lexware Elster	Haufe-Lexware GmbH & Co.KG	21.01.2012	86,4MB	11.00.00.0109, notwendig
Lexware Info Service	Haufe-Lexware GmbH & Co.KG	15.12.2012	13,7MB	2.90.00.0009, notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	18.01.2013	18,4MB	1.70.0.1100, unbekannt
Meine Dienste Software	Telekom	30.12.2012	31,8MB	2.0.5.0, unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	15.08.2010	38,8MB	4.0.30319, unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	15.08.2010	2,93MB	4.0.30319, unbekannt
Microsoft Office Home and Student 2010	Microsoft Corporation	02.11.2011		14.0.6029.1000, notwendig
Microsoft Silverlight	Microsoft Corporation	10.05.2012	80,3MB	4.1.10329.0, unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	16.08.2010	250KB	8.0.50727.4053, unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	300KB	8.0.61001, unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	27.05.2011	598KB	9.0.30729.5570, unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	21.01.2012	240KB	9.0.30729, unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.08.2010	596KB	9.0.30729.4148, unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	600KB	9.0.30729.6161, unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	22.01.2012	15,0MB	10.0.40219, unbekannt
Microsoft WSE 3.0 Runtime	Microsoft Corp.	07.12.2012	942KB	3.0.5305.0, unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	15.08.2010	35,0KB	4.20.9870.0, unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	15.08.2010	1,33MB	4.20.9876.0, unbekannt
Naviextras Toolbox Prerequesities	Nav N Go Ltd.	24.10.2010	4,05MB	1.0.0, unbekannt
Netzmanager	Deutsche Telekom AG	25.12.2012		1.071, notwendig
NVIDIA Display Control Panel	NVIDIA Corporation	15.08.2010		6.14.12.5896, unbekannt
NVIDIA Drivers	NVIDIA Corporation	15.08.2010	63,0MB	1.10.62.40, unbekannt
PDFCreator	Frank Heindörfer, Philip Chinery	15.08.2010		1.0.1, notwendig
pdfforge Toolbar v6.3	Spigot, Inc.	29.09.2012	3,39MB	6.3, unbekannt
Skype Click to Call	Skype Technologies S.A.	14.04.2012	8,21MB	5.9.9216, notwendig
Skype™ 6.0	Skype Technologies S.A.	23.11.2012	20,3MB	6.0.126, notwendig
System Requirements Lab		15.08.2010		, unbekannt
TAXMAN 2010	Haufe-Lexware GmbH & Co. KG	20.04.2012	521MB	16.14.00.0002, notwendig
TAXMAN 2011	Haufe-Lexware GmbH & Co.KG	13.04.2012	503MB	17.07.00.0001, notwendig
TAXMAN 2012	Haufe-Lexware GmbH & Co.KG	17.05.2012	547MB	18.07.00.0008, notwendig
TAXMAN 2013	Haufe-Lexware GmbH & Co.KG	18.01.2013	604MB	19.03.00.0001, notwendig
TAXMAN Bibliothek 2012	Haufe-Lexware GmbH & Co. KG	04.03.2012	464MB	18.1.0.0, notwendig
Uninstall Dual Mode Camera		22.08.2010		, unbekannt
Unity Web Player	Unity Technologies ApS	11.06.2011	12,0MB	, unbekannt
Video Journal Version 2.04	GirlTech	22.08.2010		, unnötig
VLC media player 1.0.3	VideoLAN Team	07.11.2010		1.0.3, unbekannt
WEB.DE Internet Explorer Addon	1&1 Mail & Media GmbH	18.03.2011		1.0.0.3, unnötig
WEB.DE Softwareaktualisierung	1&1 Mail & Media GmbH	18.03.2011		2.0.0.5, unnötig
WEB.DE Toolbar für Internet Explorer	1&1 Mail & Media GmbH	03.04.2011		1.6.0.0 unnötig
Zoner Photo Studio 10	ZONER software	15.01.2012, unnötig
         

20.01.2013, 16:55   #12
markusg
/// Malware-holic

Hi,
I'd use Chrome.
It's a bit faster and secure too.

Uninstall:
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Java downloads for all operating systems
click:
Download the Java software for Windows Offline
download and install
Uninstall:
Meine Dienste
pdfforge Toolbar
Unity
Video Journal
WEB.DE: all
Zoner

Open OTL, click Cleanup; the PC restarts and deletes the removal tools.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

20.01.2013, 18:06   #13
Andreas78

Hi.

All steps done. AdwCleaner run (system was online, Avira & Malware active, hope that's OK).

Code:
# AdwCleaner v2.106 - Datei am 20/01/2013 um 19:03:10 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andreas - ANDREAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3344 octets] - [20/01/2013 19:03:10]

########## EOF - C:\AdwCleaner[R1].txt - [3404 octets] ##########
         

20.01.2013, 18:08   #14
markusg
/// Malware-holic

hi
Malwarebytes is only a trial version anyway, so you can deactivate the background guard too.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will restart, depending on the severity of the infection possibly several times; that's normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Restart and test how the PC and programs such as the browser run.

20.01.2013, 18:25   #15
Andreas78

Hi.

AdwCleaner run. Only one restart was required.

Gut feeling: after logging in, Windows gets to the point where I'm online and can work, e.g. open Chrome, faster.

Code:
# AdwCleaner v2.106 - Datei am 20/01/2013 um 19:13:38 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andreas - ANDREAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3473 octets] - [20/01/2013 19:03:10]
AdwCleaner[S1].txt - [3406 octets] - [20/01/2013 19:13:38]

########## EOF - C:\AdwCleaner[S1].txt - [3466 octets] ##########
         

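The two AdwCleaner reports above are the scan pass (R1, items marked "Gefunden") and the deletion pass (S1, items marked "Gelöscht"). A quick way to confirm that the second pass really covered everything the first one flagged is to parse both and diff them. The script below is an added example for that check; it is not part of the thread and not a tool shipped with AdwCleaner. The report excerpts are constructed and shortened (the third registry key is deliberately left out of the deletion report so the check has something to flag), the line format `<item type> <status> : <path>` is taken from the reports on this page, and comparison is case-insensitive because Windows registry paths are.

```python
import re
from collections import Counter

# Constructed excerpts of the two AdwCleaner v2 reports: an [R1] scan
# report (status "Gefunden") and the [S1] deletion report (status
# "Gelöscht"). Headers are shortened; the third key is intentionally
# missing from the deletion report so that not_removed() finds something.
SCAN_REPORT = r"""# AdwCleaner v2.106 - Datei am 20/01/2013 um 19:03:10 erstellt
# Option [Suche]

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.
"""

DELETE_REPORT = r"""# AdwCleaner v2.106 - Datei am 20/01/2013 um 19:13:38 erstellt
# Option [Löschen]

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

***** [Internet Browser] *****

[OK] Die Registrierungsdatenbank ist sauber.
"""

# One finding line reads "<item type> <status> : <path>", e.g.
# "Schlüssel Gefunden : HKCU\Software\Softonic". The item type is matched
# generically (only "Schlüssel" appears on this page); the two statuses
# are the ones the reports use.
FINDING_RE = re.compile(
    r"^(?P<kind>\S+)\s+(?P<status>Gefunden|Gelöscht)\s*:\s*(?P<path>.+?)\s*$"
)


def parse_findings(report: str) -> dict[str, dict[str, str]]:
    """Return {"found": {...}, "deleted": {...}}. Each inner dict maps the
    case-folded path (registry paths are case-insensitive) to the path as
    printed, so a mismatch can be reported verbatim."""
    out: dict[str, dict[str, str]] = {"found": {}, "deleted": {}}
    for line in report.splitlines():
        m = FINDING_RE.match(line)
        if not m:
            continue  # header, section banner, "[OK]" line or blank line
        bucket = "found" if m["status"] == "Gefunden" else "deleted"
        out[bucket][m["path"].casefold()] = m["path"]
    return out


def not_removed(scan_report: str, delete_report: str) -> list[str]:
    """Paths flagged in the scan pass that the deletion pass does not
    report as deleted, i.e. what still needs a look after the reboot."""
    found = parse_findings(scan_report)["found"]
    deleted = parse_findings(delete_report)["deleted"]
    return sorted(found[k] for k in found if k not in deleted)


def count_by_hive(report: str, status: str = "found") -> dict[str, int]:
    """Count findings per registry hive (HKCU vs HKLM): a quick read of
    whether the adware sat only in the user profile or machine-wide."""
    paths = parse_findings(report)[status].values()
    return dict(Counter(p.split("\\", 1)[0].upper() for p in paths))


if __name__ == "__main__":
    for path in not_removed(SCAN_REPORT, DELETE_REPORT):
        print("flagged in scan but not in deletion report:", path)
    print("scan findings per hive:", count_by_hive(SCAN_REPORT))
```

Run against the real `C:\AdwCleaner[R1].txt` and `C:\AdwCleaner[S1].txt` files, an empty result from `not_removed()` means every flagged item was reported as deleted; anything it lists is worth checking by hand (or with a second deletion pass) before declaring the cleanup done.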