Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Telekom Brief, ZeuS/ZBot

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.02.2013, 20:53   #1
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Guten Abend!

Mein Vater bekam heute Post von der Telekom, dass sein Computer wahrscheinlich mit dem ZeuS/ZBot infiziert wäre.

Ich hab mal malwarebytes (kein Fund) und OTL drüberlaufen lassen

Hier die Logs
MBAM

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

14.02.2013 18:34:15
mbam-log-2013-02-14 (18-34-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302997
Laufzeit: 11 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL

Code:
ATTFilter
OTL logfile created on: 14.02.2013 19:57:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolfgang\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 52,56% Memory free
3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 129,86 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Drive G: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,71% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Programme\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 49 CA 76 5E EB CD 01  [binary data]
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 10 A2 57 64 08 CE 01  [binary data]
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE466
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.06 11:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C7CE36-5710-42DB-96A9-ACD2EBB0D24D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{480a5126-1b19-11df-9bc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{480a5126-1b19-11df-9bc0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTOSTARTER.EXE
O33 - MountPoints2\{783af817-1fbb-11df-bd25-90e6baa29dd8}\Shell - "" = AutoRun
O33 - MountPoints2\{783af817-1fbb-11df-bd25-90e6baa29dd8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.02.14 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.14 18:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.14 18:32:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.14 18:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.14 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.02.13 13:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 13:50:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 13:50:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 13:50:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 13:50:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.13 13:50:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.13 13:50:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 13:50:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 13:18:57 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 13:18:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 13:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 13:18:48 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 13:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 19:55:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 18:37:07 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 18:37:07 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 18:35:15 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.14 18:35:15 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.14 18:35:15 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.14 18:35:15 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.14 18:32:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 18:29:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.14 18:29:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 18:29:34 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 17:22:41 | 000,443,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.11 13:57:25 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E6.LCS
[2013.02.09 14:22:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.09 14:22:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 18:32:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 16:49:11 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2013.01.12 16:49:03 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2013.01.12 16:48:24 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2013.01.12 16:44:48 | 000,007,343 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013.01.05 18:29:17 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.08.17 15:24:59 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.15 09:56:41 | 000,003,402 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.15 09:56:41 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4008E34291.sys
[2011.05.07 08:02:39 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2011.04.28 13:37:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.04.28 13:37:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.04.28 13:37:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.28 13:27:34 | 000,000,694 | ---- | C] () -- C:\Windows\SIERRA.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
und Extras

Code:
ATTFilter
OTL Extras logfile created on: 14.02.2013 19:57:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolfgang\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 52,56% Memory free
3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 129,86 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Drive G: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,71% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E55156-43BE-4BB7-88D9-DCC2992E5C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0EA918B1-80D4-4CF5-9ED5-E8F99A2947B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DA4231A-439A-41C8-80F0-B4060A652C78}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46718B0A-D774-4DCC-9939-C64F59DFB6D9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5265CF25-52C9-4DF3-BED3-87C55564144A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{554B2446-0A73-4B4F-A976-404B00233392}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59C0C918-C771-4BE4-AE08-425C573EC2F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AD9193A-742B-48CB-B569-E17758997AA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5FDA5DFA-5ABF-4EE0-B518-F19B7FD68DDE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6166C20D-42F8-422B-840B-6C5E4C16F24F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6AE81469-1084-4526-A004-CD5A8EFDEB50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73D056E4-6F50-431C-AFE6-9436F09F519E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7DEED581-FF27-42FB-93FD-B7967D0B4D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{955C9D6A-CC54-4184-976A-75FAFAD0BBE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEDC005C-7315-4250-B3CB-70D7B9A4824B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAD756AF-39AC-4D07-8160-BAC43DDC5D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C378D541-A76A-4889-954A-BB731F1CD41B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5575710-B667-490C-901E-973C68C5F227}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD64EC55-DE25-4334-B7E1-5BCDB06717F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DE762E4B-647F-4BBA-8F30-D2D5E04C80B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E1DC544B-4A24-4962-8E6D-49C7145011AB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F44C94FA-93C7-4B8E-983C-AC855FA9A237}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA6133C5-7917-41B7-99F6-686174A772B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C77E36-A68C-49C6-9D8D-18A0FF6384B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15BBC5FB-C776-4C10-85AF-2D8222BFCA9D}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{17774AC7-7420-4570-882E-A1248AF25352}" = protocol=6 | dir=out | app=system | 
"{17A2814B-3F48-4504-9BB7-C59F2AE2AC3F}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{2880F5E3-508A-43A0-97D5-0981572336ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BDC4D7F-8495-49B7-BE50-C93C3DDCD7C9}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{2C328582-5DBF-4BCD-BEC3-4719220EB44D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C7ACEDD-B50A-4029-989C-0E5DB86BC325}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{328E626F-97F8-409D-9F57-0BBAB14F4329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3462274B-6F55-42F6-9B7D-266C8E307879}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{52443B6E-F118-417B-86DB-3A95D78B45E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5275D8DE-74A7-4253-BF9A-50DE96D2B90D}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{57CD6992-4B96-47E6-BF13-B770779EDA3A}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{5E19C4DF-2440-4390-9E4B-79AF7587A1D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FEA94EC-D8B6-4E20-A6A9-AF21EF575F87}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{61582D76-F223-45D2-ACE2-BDC3F2FC6EE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6884AE11-0214-49E1-80F2-9FD2B4BAB4A1}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{6B4A0A4C-D024-4F44-9569-EBC7164CA01C}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{6BC879F9-5566-4948-B136-BE501DF089A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7A8756BD-EED9-4EE6-930D-8516AC673953}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C712863-8421-4856-89D9-7666C6CEAFA1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85F44710-37E0-4024-8E41-9A5ACBE2376A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88F12741-6108-49D2-A080-C915C34157B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F73838B-88F1-490B-ADED-66D4B3759401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97F483E8-8E7C-4D37-BE67-BB3F594C2E9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{998507A4-4BE2-44EF-AE1D-3AE71A68D528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1911F59-6641-47C1-8FBD-6124017F9A26}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{A7A024E4-45B1-42FD-A414-5AA9154E0010}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{AD70B6AD-B4AC-4D2E-B8F7-A2521D68354E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{BED77841-4B9C-46CC-8067-B401173D0B71}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{C1F05630-9B1A-4BA9-B360-48F167C51574}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C3F1EA9F-94AD-4F44-9B27-1A8F685ED347}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C515CA98-8640-4E71-91A6-896F15F259B9}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{C5DB04A4-C7C3-48EF-B3F6-EDEDEAE0F57B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{CBC73E50-857A-4EA7-9144-BE6CA2AA8FBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBFCC461-9482-4707-A809-463F262D4E9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFE6AAF2-ADFA-4C73-81A4-431A1A136328}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D739BA42-8071-40C4-A873-88CA1A5028F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DEC5A4E7-B905-49D0-A3CF-FE46240DFA4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E12475F0-1D3D-4C3D-9A26-7EA6349427CB}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{EEE16410-25A3-4DEE-A184-3C5A93A0CD5F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F888AAB-DDAD-45A8-9A61-FFAB7521DBDD}" = Ping Flipper
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Live Pool_is1" = 3D Live Pool
"3DJongg" = 3DJongg
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AmazingMahjongg3D" = AmazingMahjongg3D
"Astro Fury" = Astro Fury
"AutumnMahjongg" = AutumnMahjongg
"BudRedhead" = BudRedhead
"CityMahjongg" = CityMahjongg
"ffdshow_is1" = ffdshow [rev 497] [2006-11-04]
"FrozenMahjongg" = FrozenMahjongg
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Mah Jongg II" = Mah Jongg II
"Mah-Jongger" = Mah-Jongger
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Memento Mori 2_is1" = Memento Mori 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"NeoBall" = NeoBall
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"OpenAL" = OpenAL
"Patiencen + Solitaire" = Patiencen + Solitaire
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PrivateMahjongg" = PrivateMahjongg
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Schmidt Mahjong" = Schmidt Mahjong
"Shockwave" = Shockwave
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"Soccerstars" = Soccerstars
"Stepok's One Click Wipe  Basic_is1" = One Click Wipe  Basic
"SuperSoli" = SuperSoli
"The Great Mahjongg" = The Great Mahjongg
"tvbrowser" = TV-Browser 3.2.1
"Twilight Mahjongg" = Twilight Mahjongg
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Works2004Setup" = Setup-Start von Microsoft Works 2004
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2011 13:06:38 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 11:03:47 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 11:03:48 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 17:38:50 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 21.12.2011 08:07:39 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.12.2011 17:17:23 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ System Events ]
Error - 13.02.2013 08:11:09 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 13.02.2013 08:11:09 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 13.02.2013 12:22:35 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 13.02.2013 12:22:35 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 14.02.2013 13:29:38 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 14.02.2013 13:29:38 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 14.02.2013 13:55:15 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.02.2013 14:11:10 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.02.2013 14:47:09 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.02.2013 15:11:11 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

Könnt ihr mir bitte weiterhelfen?

Gruß
Noobie10

Alt 15.02.2013, 11:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Hy,

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Wenn ja bitte alle nachreichen
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Anschließend Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 15.02.2013, 15:10   #3
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Hallo Cosinus,
vielen Dank für Deine schnelle Antwort.

Auf dem Rechner ist das Programm von Microsoft security essentials installiert.
Ich kann hier keine logs finden, habe aber folgende Meldungen gefunden:


PWS:Win32/Fareit.gen!I in Process: pid: 1264 am 11.02

und

PWS:Win32/Zbot.gen!AL in am 13.02

file:C:\Users\Wolfgang\AppData\Roaming\Axini\feupic.exe
regkey:HKCU@S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\{59FBAEAF-4E74-AD7F-D6A6-5574EFFD7669}
runkey:HKCU@S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\{59FBAEAF-4E74-AD7F-D6A6-5574EFFD7669}

beide wurden in Quarantäne verschoben

von heute war die Meldung, dass das Programm folgende Dateinen in der Qurantäne hat:

Backdoor:Win32/Rbot
PWS:Win32/Zbot
PWS:Win32/Zbot.gen!AL



Hier nun das Log von GMER
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 14:17:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT721032SLA360 rev.ST2OA3AA 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


---- Kernel code sections - GMER 2.0 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8E628000, 0x2D5378, 0xE8000020]
.vmp2  C:\Windows\system32\drivers\acedrv11.sys  entry point in ".vmp2" section [0x9CEC969D]
         

und vom malewarebytes Anti-Rootkit

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrator]

15.02.2013 14:48:00
mbar-log-2013-02-15 (14-48-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30704
Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Gruß
Noobie10
__________________

Alt 15.02.2013, 15:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.02.2013, 15:23   #5
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Hallo Cosinus,
hier nun die nächsten Logs.

aswMBR.exe

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 14:53:08
-----------------------------
14:53:08.933    OS Version: Windows 6.1.7601 Service Pack 1
14:53:08.933    Number of processors: 2 586 0x4303
14:53:08.933    ComputerName: ADMIN-PC  UserName: Admin
14:53:49.040    Initialize success
14:57:28.617    AVAST engine defs: 13021600
14:59:53.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:59:53.876    Disk 0 Vendor: Hitachi_HDT721032SLA360 ST2OA3AA Size: 305245MB BusType: 3
14:59:53.891    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
14:59:53.891    Disk 1 Vendor: WDC_WD15EARX-00PASB0 51.0AB51 Size: 1430799MB BusType: 3
14:59:54.110    Disk 0 MBR read successfully
14:59:54.110    Disk 0 MBR scan
14:59:54.125    Disk 0 Windows 7 default MBR code
14:59:54.141    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:59:54.188    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
14:59:54.203    Disk 0 scanning sectors +625139712
14:59:54.328    Disk 0 scanning C:\Windows\system32\drivers
15:00:33.221    Service scanning
15:00:47.933    Service MpKsl432d55ac c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67FB5C3C-503F-43F8-B234-4A6D5BA5A53C}\MpKsl432d55ac.sys **LOCKED** 32
15:01:04.734    Modules scanning
15:01:34.312    Disk 0 trace - called modules:
15:01:34.374    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys 
15:01:34.390    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858bb810]
15:01:34.405    3 CLASSPNP.SYS[8859c59e] -> nt!IofCallDriver -> [0x857dc918]
15:01:34.421    5 ACPI.sys[8802a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857c0908]
15:01:36.075    AVAST engine scan C:\Windows
15:01:55.793    AVAST engine scan C:\Windows\system32
15:06:38.140    AVAST engine scan C:\Windows\system32\drivers
15:06:51.665    AVAST engine scan C:\Users\Admin
15:08:53.221    AVAST engine scan C:\ProgramData
15:12:07.160    Scan finished successfully
15:12:34.632    Disk 0 MBR has been saved successfully to "C:\Users\Wolfgang\Desktop\MBR.dat"
15:12:34.647    The log file has been saved successfully to "C:\Users\Wolfgang\Desktop\aswMBR.txt"
         
und vom TDSSKiller

Code:
ATTFilter
15:17:11.0092 3768  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:17:11.0373 3768  ============================================================
15:17:11.0373 3768  Current date / time: 2013/02/16 15:17:11.0373
15:17:11.0373 3768  SystemInfo:
15:17:11.0373 3768  
15:17:11.0373 3768  OS Version: 6.1.7601 ServicePack: 1.0
15:17:11.0373 3768  Product type: Workstation
15:17:11.0373 3768  ComputerName: ADMIN-PC
15:17:11.0373 3768  UserName: Admin
15:17:11.0373 3768  Windows directory: C:\Windows
15:17:11.0373 3768  System windows directory: C:\Windows
15:17:11.0373 3768  Processor architecture: Intel x86
15:17:11.0373 3768  Number of processors: 2
15:17:11.0373 3768  Page size: 0x1000
15:17:11.0373 3768  Boot type: Normal boot
15:17:11.0373 3768  ============================================================
15:17:13.0213 3768  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:17:13.0213 3768  Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:17:13.0354 3768  ============================================================
15:17:13.0354 3768  \Device\Harddisk0\DR0:
15:17:13.0354 3768  MBR partitions:
15:17:13.0354 3768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:17:13.0354 3768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
15:17:13.0354 3768  \Device\Harddisk1\DR1:
15:17:13.0354 3768  MBR partitions:
15:17:13.0354 3768  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
15:17:13.0354 3768  ============================================================
15:17:13.0385 3768  C: <-> \Device\Harddisk0\DR0\Partition2
15:17:13.0806 3768  D: <-> \Device\Harddisk1\DR1\Partition1
15:17:13.0806 3768  ============================================================
15:17:13.0806 3768  Initialize success
15:17:13.0806 3768  ============================================================
15:17:56.0177 2680  ============================================================
15:17:56.0177 2680  Scan started
15:17:56.0177 2680  Mode: Manual; SigCheck; TDLFS; 
15:17:56.0177 2680  ============================================================
15:17:58.0002 2680  ================ Scan system memory ========================
15:17:58.0002 2680  System memory - ok
15:17:58.0002 2680  ================ Scan services =============================
15:17:58.0174 2680  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:17:58.0220 2680  1394ohci - ok
15:17:58.0267 2680  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
15:17:58.0501 2680  acedrv11 - ok
15:17:58.0532 2680  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:17:58.0548 2680  ACPI - ok
15:17:58.0595 2680  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:17:58.0642 2680  AcpiPmi - ok
15:17:58.0751 2680  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:58.0782 2680  AdobeARMservice - ok
15:17:58.0876 2680  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:58.0891 2680  AdobeFlashPlayerUpdateSvc - ok
15:17:58.0954 2680  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:17:58.0969 2680  adp94xx - ok
15:17:59.0000 2680  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:17:59.0016 2680  adpahci - ok
15:17:59.0032 2680  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:17:59.0047 2680  adpu320 - ok
15:17:59.0078 2680  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:17:59.0110 2680  AeLookupSvc - ok
15:17:59.0172 2680  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:17:59.0203 2680  AFD - ok
15:17:59.0250 2680  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:17:59.0250 2680  agp440 - ok
15:17:59.0297 2680  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:17:59.0328 2680  aic78xx - ok
15:17:59.0375 2680  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:17:59.0390 2680  ALG - ok
15:17:59.0422 2680  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:17:59.0437 2680  aliide - ok
15:17:59.0484 2680  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:17:59.0500 2680  AMD External Events Utility - ok
15:17:59.0562 2680  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:17:59.0562 2680  amdagp - ok
15:17:59.0593 2680  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:17:59.0593 2680  amdide - ok
15:17:59.0640 2680  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:17:59.0656 2680  AmdK8 - ok
15:17:59.0671 2680  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:17:59.0687 2680  AmdPPM - ok
15:17:59.0718 2680  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:17:59.0718 2680  amdsata - ok
15:17:59.0749 2680  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:17:59.0765 2680  amdsbs - ok
15:17:59.0780 2680  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:17:59.0796 2680  amdxata - ok
15:17:59.0843 2680  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:17:59.0952 2680  AppID - ok
15:17:59.0999 2680  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:18:00.0077 2680  AppIDSvc - ok
15:18:00.0108 2680  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:18:00.0139 2680  Appinfo - ok
15:18:00.0280 2680  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:00.0295 2680  Apple Mobile Device - ok
15:18:00.0342 2680  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:18:00.0358 2680  arc - ok
15:18:00.0373 2680  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:18:00.0389 2680  arcsas - ok
15:18:00.0420 2680  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:18:00.0482 2680  AsyncMac - ok
15:18:00.0529 2680  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:18:00.0545 2680  atapi - ok
15:18:00.0654 2680  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:18:00.0748 2680  atikmdag - ok
15:18:00.0794 2680  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:18:00.0888 2680  AudioEndpointBuilder - ok
15:18:00.0904 2680  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:18:00.0935 2680  Audiosrv - ok
15:18:00.0966 2680  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:18:01.0013 2680  AxInstSV - ok
15:18:01.0060 2680  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:18:01.0075 2680  b06bdrv - ok
15:18:01.0106 2680  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:18:01.0122 2680  b57nd60x - ok
15:18:01.0153 2680  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:18:01.0216 2680  BDESVC - ok
15:18:01.0231 2680  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:18:01.0247 2680  Beep - ok
15:18:01.0294 2680  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:18:01.0325 2680  BFE - ok
15:18:01.0372 2680  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:18:01.0418 2680  BITS - ok
15:18:01.0450 2680  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:18:01.0465 2680  blbdrive - ok
15:18:01.0574 2680  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:18:01.0606 2680  Bonjour Service - ok
15:18:01.0668 2680  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:18:01.0684 2680  bowser - ok
15:18:01.0699 2680  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:18:01.0762 2680  BrFiltLo - ok
15:18:01.0777 2680  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:18:01.0808 2680  BrFiltUp - ok
15:18:01.0840 2680  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:18:01.0855 2680  Browser - ok
15:18:01.0855 2680  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:18:01.0886 2680  Brserid - ok
15:18:01.0902 2680  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:18:01.0933 2680  BrSerWdm - ok
15:18:01.0933 2680  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:18:01.0949 2680  BrUsbMdm - ok
15:18:01.0964 2680  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:18:01.0980 2680  BrUsbSer - ok
15:18:01.0996 2680  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:18:02.0027 2680  BTHMODEM - ok
15:18:02.0074 2680  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:18:02.0120 2680  bthserv - ok
15:18:02.0167 2680  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:18:02.0230 2680  cdfs - ok
15:18:02.0292 2680  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:18:02.0308 2680  cdrom - ok
15:18:02.0370 2680  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:18:02.0401 2680  CertPropSvc - ok
15:18:02.0432 2680  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:18:02.0448 2680  circlass - ok
15:18:02.0464 2680  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:18:02.0479 2680  CLFS - ok
15:18:02.0557 2680  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:18:02.0557 2680  clr_optimization_v2.0.50727_32 - ok
15:18:02.0651 2680  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:18:02.0666 2680  clr_optimization_v4.0.30319_32 - ok
15:18:02.0682 2680  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:18:02.0682 2680  CmBatt - ok
15:18:02.0729 2680  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:18:02.0760 2680  cmdide - ok
15:18:02.0807 2680  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:18:02.0854 2680  CNG - ok
15:18:02.0869 2680  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:18:02.0885 2680  Compbatt - ok
15:18:02.0900 2680  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:18:02.0932 2680  CompositeBus - ok
15:18:02.0947 2680  COMSysApp - ok
15:18:02.0978 2680  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:18:02.0994 2680  crcdisk - ok
15:18:03.0056 2680  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:18:03.0072 2680  CryptSvc - ok
15:18:03.0119 2680  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:18:03.0166 2680  DcomLaunch - ok
15:18:03.0197 2680  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:18:03.0228 2680  defragsvc - ok
15:18:03.0275 2680  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:18:03.0322 2680  DfsC - ok
15:18:03.0368 2680  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:18:03.0384 2680  Dhcp - ok
15:18:03.0415 2680  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:18:03.0446 2680  discache - ok
15:18:03.0478 2680  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:18:03.0493 2680  Disk - ok
15:18:03.0524 2680  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:18:03.0571 2680  Dnscache - ok
15:18:03.0618 2680  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:18:03.0680 2680  dot3svc - ok
15:18:03.0727 2680  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:18:03.0774 2680  DPS - ok
15:18:03.0790 2680  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:18:03.0805 2680  drmkaud - ok
15:18:03.0852 2680  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:18:03.0868 2680  DXGKrnl - ok
15:18:03.0914 2680  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:18:03.0946 2680  EapHost - ok
15:18:04.0008 2680  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:18:04.0070 2680  ebdrv - ok
15:18:04.0117 2680  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:18:04.0148 2680  EFS - ok
15:18:04.0242 2680  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:18:04.0304 2680  ehRecvr - ok
15:18:04.0336 2680  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:18:04.0351 2680  ehSched - ok
15:18:04.0414 2680  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:18:04.0429 2680  elxstor - ok
15:18:04.0460 2680  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:18:04.0492 2680  ErrDev - ok
15:18:04.0538 2680  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:18:04.0585 2680  EventSystem - ok
15:18:04.0616 2680  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:18:04.0648 2680  exfat - ok
15:18:04.0663 2680  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:18:04.0679 2680  fastfat - ok
15:18:04.0741 2680  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:18:04.0772 2680  Fax - ok
15:18:04.0804 2680  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:18:04.0804 2680  fdc - ok
15:18:04.0835 2680  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:18:04.0850 2680  fdPHost - ok
15:18:04.0866 2680  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:18:04.0897 2680  FDResPub - ok
15:18:04.0928 2680  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:18:04.0944 2680  FileInfo - ok
15:18:04.0944 2680  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:18:04.0991 2680  Filetrace - ok
15:18:05.0006 2680  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:18:05.0022 2680  flpydisk - ok
15:18:05.0053 2680  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:18:05.0069 2680  FltMgr - ok
15:18:05.0116 2680  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
15:18:05.0194 2680  FontCache - ok
15:18:05.0240 2680  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:18:05.0256 2680  FontCache3.0.0.0 - ok
15:18:05.0287 2680  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:18:05.0303 2680  FsDepends - ok
15:18:05.0334 2680  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:18:05.0350 2680  Fs_Rec - ok
15:18:05.0412 2680  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:18:05.0428 2680  fvevol - ok
15:18:05.0459 2680  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:18:05.0474 2680  gagp30kx - ok
15:18:05.0521 2680  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:18:05.0521 2680  GEARAspiWDM - ok
15:18:05.0568 2680  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:18:05.0615 2680  gpsvc - ok
15:18:05.0724 2680  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:05.0740 2680  gupdate - ok
15:18:05.0740 2680  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:05.0755 2680  gupdatem - ok
15:18:05.0802 2680  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:18:05.0833 2680  gusvc - ok
15:18:05.0989 2680  [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
15:18:06.0208 2680  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
15:18:06.0208 2680  HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
15:18:06.0223 2680  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:18:06.0239 2680  hcw85cir - ok
15:18:06.0317 2680  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:18:06.0348 2680  HdAudAddService - ok
15:18:06.0364 2680  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:18:06.0379 2680  HDAudBus - ok
15:18:06.0379 2680  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:18:06.0410 2680  HidBatt - ok
15:18:06.0410 2680  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:18:06.0442 2680  HidBth - ok
15:18:06.0473 2680  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:18:06.0488 2680  HidIr - ok
15:18:06.0504 2680  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:18:06.0551 2680  hidserv - ok
15:18:06.0629 2680  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:18:06.0644 2680  HidUsb - ok
15:18:06.0691 2680  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:18:06.0769 2680  hkmsvc - ok
15:18:06.0800 2680  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:18:06.0847 2680  HomeGroupListener - ok
15:18:06.0878 2680  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:18:06.0925 2680  HomeGroupProvider - ok
15:18:06.0988 2680  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:18:07.0003 2680  HpSAMD - ok
15:18:07.0066 2680  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:18:07.0081 2680  HTTP - ok
15:18:07.0112 2680  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:18:07.0112 2680  hwpolicy - ok
15:18:07.0175 2680  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:18:07.0190 2680  i8042prt - ok
15:18:07.0206 2680  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:18:07.0222 2680  iaStorV - ok
15:18:07.0300 2680  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:18:07.0346 2680  idsvc - ok
15:18:07.0409 2680  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:18:07.0409 2680  iirsp - ok
15:18:07.0487 2680  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:18:07.0534 2680  IKEEXT - ok
15:18:07.0565 2680  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:18:07.0580 2680  intelide - ok
15:18:07.0612 2680  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:18:07.0627 2680  intelppm - ok
15:18:07.0658 2680  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:18:07.0705 2680  IPBusEnum - ok
15:18:07.0705 2680  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:07.0736 2680  IpFilterDriver - ok
15:18:07.0799 2680  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:18:07.0830 2680  iphlpsvc - ok
15:18:07.0877 2680  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:18:07.0924 2680  IPMIDRV - ok
15:18:07.0955 2680  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:18:08.0002 2680  IPNAT - ok
15:18:08.0080 2680  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:18:08.0095 2680  iPod Service - ok
15:18:08.0126 2680  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:18:08.0142 2680  IRENUM - ok
15:18:08.0189 2680  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:18:08.0204 2680  isapnp - ok
15:18:08.0220 2680  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:18:08.0236 2680  iScsiPrt - ok
15:18:08.0267 2680  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:18:08.0267 2680  kbdclass - ok
15:18:08.0298 2680  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:18:08.0314 2680  kbdhid - ok
15:18:08.0345 2680  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:18:08.0345 2680  KeyIso - ok
15:18:08.0376 2680  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:18:08.0392 2680  KSecDD - ok
15:18:08.0423 2680  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:18:08.0438 2680  KSecPkg - ok
15:18:08.0470 2680  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:18:08.0501 2680  KtmRm - ok
15:18:08.0532 2680  [ F7CDABA15C7E853F0A11AF6D77FCA990 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
15:18:08.0548 2680  L1E - ok
15:18:08.0594 2680  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:18:08.0672 2680  LanmanServer - ok
15:18:08.0704 2680  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:18:08.0735 2680  LanmanWorkstation - ok
15:18:08.0782 2680  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:18:08.0797 2680  lltdio - ok
15:18:08.0828 2680  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:18:08.0875 2680  lltdsvc - ok
15:18:08.0906 2680  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:18:08.0938 2680  lmhosts - ok
15:18:08.0969 2680  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:18:08.0984 2680  LSI_FC - ok
15:18:09.0000 2680  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:18:09.0000 2680  LSI_SAS - ok
15:18:09.0016 2680  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:18:09.0031 2680  LSI_SAS2 - ok
15:18:09.0062 2680  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:18:09.0078 2680  LSI_SCSI - ok
15:18:09.0094 2680  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:18:09.0125 2680  luafv - ok
15:18:09.0156 2680  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:18:09.0187 2680  Mcx2Svc - ok
15:18:09.0218 2680  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:18:09.0250 2680  megasas - ok
15:18:09.0265 2680  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:18:09.0281 2680  MegaSR - ok
15:18:09.0328 2680  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:18:09.0359 2680  MMCSS - ok
15:18:09.0374 2680  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:18:09.0406 2680  Modem - ok
15:18:09.0437 2680  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:18:09.0452 2680  monitor - ok
15:18:09.0484 2680  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:18:09.0499 2680  mouclass - ok
15:18:09.0530 2680  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:18:09.0562 2680  mouhid - ok
15:18:09.0593 2680  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:18:09.0608 2680  mountmgr - ok
15:18:09.0671 2680  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:18:09.0718 2680  MpFilter - ok
15:18:09.0764 2680  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:18:09.0796 2680  mpio - ok
15:18:09.0796 2680  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:18:09.0842 2680  mpsdrv - ok
15:18:09.0889 2680  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:18:09.0936 2680  MpsSvc - ok
15:18:09.0983 2680  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:18:09.0998 2680  MRxDAV - ok
15:18:10.0045 2680  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:10.0076 2680  mrxsmb - ok
15:18:10.0123 2680  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:10.0170 2680  mrxsmb10 - ok
15:18:10.0201 2680  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:10.0232 2680  mrxsmb20 - ok
15:18:10.0279 2680  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:18:10.0295 2680  msahci - ok
15:18:10.0310 2680  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:18:10.0326 2680  msdsm - ok
15:18:10.0373 2680  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:18:10.0404 2680  MSDTC - ok
15:18:10.0435 2680  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:18:10.0451 2680  Msfs - ok
15:18:10.0466 2680  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:18:10.0498 2680  mshidkmdf - ok
15:18:10.0529 2680  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:18:10.0529 2680  msisadrv - ok
15:18:10.0591 2680  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:18:10.0638 2680  MSiSCSI - ok
15:18:10.0654 2680  msiserver - ok
15:18:10.0654 2680  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:18:10.0685 2680  MSKSSRV - ok
15:18:10.0794 2680  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:18:10.0825 2680  MsMpSvc - ok
15:18:10.0856 2680  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:10.0888 2680  MSPCLOCK - ok
15:18:10.0903 2680  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:18:10.0934 2680  MSPQM - ok
15:18:10.0950 2680  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:18:10.0966 2680  MsRPC - ok
15:18:11.0012 2680  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:18:11.0028 2680  mssmbios - ok
15:18:11.0028 2680  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:18:11.0059 2680  MSTEE - ok
15:18:11.0075 2680  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:18:11.0075 2680  MTConfig - ok
15:18:11.0106 2680  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:18:11.0122 2680  MTsensor - ok
15:18:11.0137 2680  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:18:11.0137 2680  Mup - ok
15:18:11.0184 2680  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:18:11.0200 2680  napagent - ok
15:18:11.0246 2680  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:18:11.0293 2680  NativeWifiP - ok
15:18:11.0356 2680  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:18:11.0387 2680  NDIS - ok
15:18:11.0387 2680  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:18:11.0434 2680  NdisCap - ok
15:18:11.0465 2680  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:11.0512 2680  NdisTapi - ok
15:18:11.0543 2680  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:11.0558 2680  Ndisuio - ok
15:18:11.0590 2680  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:11.0636 2680  NdisWan - ok
15:18:11.0668 2680  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:18:11.0714 2680  NDProxy - ok
15:18:11.0730 2680  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:18:11.0761 2680  NetBIOS - ok
15:18:11.0808 2680  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:18:11.0902 2680  NetBT - ok
15:18:11.0933 2680  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:18:11.0933 2680  Netlogon - ok
15:18:11.0980 2680  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:18:12.0026 2680  Netman - ok
15:18:12.0042 2680  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:18:12.0073 2680  netprofm - ok
15:18:12.0120 2680  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:18:12.0136 2680  NetTcpPortSharing - ok
15:18:12.0167 2680  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:18:12.0182 2680  nfrd960 - ok
15:18:12.0245 2680  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:18:12.0260 2680  NisDrv - ok
15:18:12.0307 2680  [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:18:12.0323 2680  NisSrv - ok
15:18:12.0354 2680  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:18:12.0385 2680  NlaSvc - ok
15:18:12.0401 2680  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:18:12.0432 2680  Npfs - ok
15:18:12.0448 2680  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:18:12.0463 2680  nsi - ok
15:18:12.0494 2680  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:18:12.0526 2680  nsiproxy - ok
15:18:12.0604 2680  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:18:12.0666 2680  Ntfs - ok
15:18:12.0682 2680  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:18:12.0713 2680  Null - ok
15:18:12.0775 2680  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:18:12.0791 2680  nvraid - ok
15:18:12.0822 2680  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:18:12.0838 2680  nvstor - ok
15:18:12.0853 2680  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:18:12.0869 2680  nv_agp - ok
15:18:12.0884 2680  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:18:12.0900 2680  ohci1394 - ok
15:18:12.0916 2680  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:18:12.0947 2680  p2pimsvc - ok
15:18:12.0978 2680  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:18:12.0994 2680  p2psvc - ok
15:18:13.0009 2680  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:18:13.0040 2680  Parport - ok
15:18:13.0072 2680  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:18:13.0087 2680  partmgr - ok
15:18:13.0103 2680  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:18:13.0118 2680  Parvdm - ok
15:18:13.0134 2680  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:18:13.0150 2680  PcaSvc - ok
15:18:13.0196 2680  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:18:13.0228 2680  pci - ok
15:18:13.0259 2680  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:18:13.0274 2680  pciide - ok
15:18:13.0306 2680  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:18:13.0321 2680  pcmcia - ok
15:18:13.0337 2680  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:18:13.0352 2680  pcw - ok
15:18:13.0384 2680  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:18:13.0462 2680  PEAUTH - ok
15:18:13.0555 2680  [ 8B7AEC0ABA77DE5D2FEAC1824C15A3FA ] Ph3xIB32        C:\Windows\system32\DRIVERS\Ph3xIB32.sys
15:18:13.0586 2680  Ph3xIB32 - ok
15:18:13.0649 2680  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:18:13.0696 2680  pla - ok
15:18:13.0758 2680  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:18:13.0774 2680  PlugPlay - ok
15:18:13.0805 2680  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:18:13.0852 2680  PNRPAutoReg - ok
15:18:13.0883 2680  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:18:13.0914 2680  PNRPsvc - ok
15:18:13.0945 2680  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:18:13.0976 2680  PolicyAgent - ok
15:18:14.0008 2680  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:18:14.0023 2680  Power - ok
15:18:14.0086 2680  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:18:14.0117 2680  PptpMiniport - ok
15:18:14.0132 2680  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:18:14.0164 2680  Processor - ok
15:18:14.0210 2680  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:18:14.0242 2680  ProfSvc - ok
15:18:14.0273 2680  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:18:14.0288 2680  ProtectedStorage - ok
15:18:14.0320 2680  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:18:14.0335 2680  Psched - ok
15:18:14.0413 2680  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:18:14.0444 2680  PSI_SVC_2 - ok
15:18:14.0522 2680  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:18:14.0569 2680  ql2300 - ok
15:18:14.0600 2680  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:18:14.0616 2680  ql40xx - ok
15:18:14.0632 2680  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:18:14.0663 2680  QWAVE - ok
15:18:14.0694 2680  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:18:14.0694 2680  QWAVEdrv - ok
15:18:14.0788 2680  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
15:18:14.0788 2680  RapiMgr - ok
15:18:14.0803 2680  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:18:14.0850 2680  RasAcd - ok
15:18:14.0866 2680  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:18:14.0897 2680  RasAgileVpn - ok
15:18:14.0928 2680  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:18:14.0944 2680  RasAuto - ok
15:18:14.0975 2680  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:15.0006 2680  Rasl2tp - ok
15:18:15.0100 2680  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:18:15.0178 2680  RasMan - ok
15:18:15.0193 2680  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:15.0240 2680  RasPppoe - ok
15:18:15.0256 2680  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:18:15.0287 2680  RasSstp - ok
15:18:15.0318 2680  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:18:15.0365 2680  rdbss - ok
15:18:15.0365 2680  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:18:15.0380 2680  rdpbus - ok
15:18:15.0412 2680  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:15.0474 2680  RDPCDD - ok
15:18:15.0490 2680  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:18:15.0505 2680  RDPENCDD - ok
15:18:15.0536 2680  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:18:15.0552 2680  RDPREFMP - ok
15:18:15.0599 2680  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:18:15.0630 2680  RDPWD - ok
15:18:15.0677 2680  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:18:15.0708 2680  rdyboost - ok
15:18:15.0755 2680  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:18:15.0833 2680  RemoteAccess - ok
15:18:15.0864 2680  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:18:15.0911 2680  RemoteRegistry - ok
15:18:15.0942 2680  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:18:15.0989 2680  RpcEptMapper - ok
15:18:16.0004 2680  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:18:16.0036 2680  RpcLocator - ok
15:18:16.0067 2680  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:18:16.0082 2680  RpcSs - ok
15:18:16.0129 2680  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:18:16.0145 2680  rspndr - ok
15:18:16.0176 2680  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:18:16.0192 2680  SamSs - ok
15:18:16.0238 2680  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:18:16.0254 2680  sbp2port - ok
15:18:16.0285 2680  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:18:16.0316 2680  SCardSvr - ok
15:18:16.0332 2680  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:18:16.0348 2680  scfilter - ok
15:18:16.0410 2680  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:18:16.0488 2680  Schedule - ok
15:18:16.0519 2680  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:18:16.0535 2680  SCPolicySvc - ok
15:18:16.0566 2680  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:18:16.0613 2680  SDRSVC - ok
15:18:16.0644 2680  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:18:16.0675 2680  secdrv - ok
15:18:16.0691 2680  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:18:16.0738 2680  seclogon - ok
15:18:16.0769 2680  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:18:16.0784 2680  SENS - ok
15:18:16.0816 2680  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:18:16.0831 2680  SensrSvc - ok
15:18:16.0847 2680  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:18:16.0847 2680  Serenum - ok
15:18:16.0894 2680  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:18:16.0909 2680  Serial - ok
15:18:16.0940 2680  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:18:16.0972 2680  sermouse - ok
15:18:17.0018 2680  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:18:17.0065 2680  SessionEnv - ok
15:18:17.0081 2680  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:18:17.0128 2680  sffdisk - ok
15:18:17.0159 2680  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:18:17.0190 2680  sffp_mmc - ok
15:18:17.0206 2680  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:18:17.0221 2680  sffp_sd - ok
15:18:17.0252 2680  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:18:17.0268 2680  sfloppy - ok
15:18:17.0299 2680  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:18:17.0346 2680  SharedAccess - ok
15:18:17.0377 2680  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:18:17.0424 2680  ShellHWDetection - ok
15:18:17.0471 2680  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:18:17.0471 2680  sisagp - ok
15:18:17.0518 2680  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:18:17.0533 2680  SiSRaid2 - ok
15:18:17.0549 2680  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:18:17.0564 2680  SiSRaid4 - ok
15:18:17.0596 2680  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:18:17.0611 2680  Smb - ok
15:18:17.0658 2680  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:18:17.0674 2680  SNMPTRAP - ok
15:18:17.0689 2680  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:18:17.0689 2680  spldr - ok
15:18:17.0736 2680  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:18:17.0814 2680  Spooler - ok
15:18:17.0908 2680  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:18:17.0970 2680  sppsvc - ok
15:18:18.0001 2680  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:18:18.0095 2680  sppuinotify - ok
15:18:18.0110 2680  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:18:18.0157 2680  srv - ok
15:18:18.0173 2680  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:18:18.0204 2680  srv2 - ok
15:18:18.0235 2680  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:18:18.0266 2680  srvnet - ok
15:18:18.0298 2680  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:18:18.0313 2680  SSDPSRV - ok
15:18:18.0329 2680  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:18:18.0360 2680  SstpSvc - ok
15:18:18.0391 2680  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:18:18.0391 2680  stexstor - ok
15:18:18.0438 2680  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:18:18.0485 2680  StiSvc - ok
15:18:18.0532 2680  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:18:18.0532 2680  swenum - ok
15:18:18.0578 2680  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:18:18.0610 2680  swprv - ok
15:18:18.0672 2680  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:18:18.0734 2680  SysMain - ok
15:18:18.0766 2680  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:18:18.0797 2680  TabletInputService - ok
15:18:18.0844 2680  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:18:18.0875 2680  TapiSrv - ok
15:18:18.0906 2680  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:18:18.0937 2680  TBS - ok
15:18:19.0031 2680  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:18:19.0062 2680  Tcpip - ok
15:18:19.0078 2680  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:18:19.0109 2680  TCPIP6 - ok
15:18:19.0156 2680  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:18:19.0171 2680  tcpipreg - ok
15:18:19.0218 2680  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:18:19.0265 2680  TDPIPE - ok
15:18:19.0312 2680  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:18:19.0358 2680  TDTCP - ok
15:18:19.0390 2680  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:18:19.0421 2680  tdx - ok
15:18:19.0452 2680  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:18:19.0468 2680  TermDD - ok
15:18:19.0530 2680  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:18:19.0561 2680  TermService - ok
15:18:19.0608 2680  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:18:19.0624 2680  Themes - ok
15:18:19.0639 2680  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:18:19.0655 2680  THREADORDER - ok
15:18:19.0655 2680  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:18:19.0702 2680  TrkWks - ok
15:18:19.0764 2680  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:18:19.0795 2680  TrustedInstaller - ok
15:18:19.0826 2680  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:19.0858 2680  tssecsrv - ok
15:18:19.0951 2680  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:18:19.0982 2680  TsUsbFlt - ok
15:18:20.0045 2680  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:18:20.0092 2680  tunnel - ok
15:18:20.0123 2680  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:18:20.0123 2680  uagp35 - ok
15:18:20.0170 2680  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:18:20.0216 2680  udfs - ok
15:18:20.0232 2680  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:18:20.0263 2680  UI0Detect - ok
15:18:20.0310 2680  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:18:20.0326 2680  uliagpkx - ok
15:18:20.0341 2680  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:18:20.0357 2680  umbus - ok
15:18:20.0372 2680  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:18:20.0388 2680  UmPass - ok
15:18:20.0404 2680  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:18:20.0435 2680  upnphost - ok
15:18:20.0482 2680  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:18:20.0528 2680  USBAAPL - ok
15:18:20.0560 2680  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:20.0606 2680  usbccgp - ok
15:18:20.0653 2680  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:18:20.0684 2680  usbcir - ok
15:18:20.0716 2680  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:18:20.0716 2680  usbehci - ok
15:18:20.0762 2680  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:18:20.0794 2680  usbhub - ok
15:18:20.0840 2680  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:18:20.0872 2680  usbohci - ok
15:18:20.0887 2680  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:18:20.0903 2680  usbprint - ok
15:18:20.0918 2680  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:18:20.0950 2680  usbscan - ok
15:18:20.0965 2680  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:20.0996 2680  USBSTOR - ok
15:18:21.0012 2680  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:18:21.0059 2680  usbuhci - ok
15:18:21.0090 2680  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:18:21.0168 2680  UxSms - ok
15:18:21.0199 2680  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:18:21.0199 2680  VaultSvc - ok
15:18:21.0230 2680  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:18:21.0246 2680  vdrvroot - ok
15:18:21.0293 2680  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:18:21.0324 2680  vds - ok
15:18:21.0355 2680  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:21.0371 2680  vga - ok
15:18:21.0386 2680  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:18:21.0402 2680  VgaSave - ok
15:18:21.0449 2680  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:18:21.0464 2680  vhdmp - ok
15:18:21.0496 2680  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:18:21.0511 2680  viaagp - ok
15:18:21.0511 2680  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:18:21.0527 2680  ViaC7 - ok
15:18:21.0558 2680  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:18:21.0558 2680  viaide - ok
15:18:21.0605 2680  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:18:21.0605 2680  volmgr - ok
15:18:21.0636 2680  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:18:21.0652 2680  volmgrx - ok
15:18:21.0667 2680  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:18:21.0683 2680  volsnap - ok
15:18:21.0730 2680  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:18:21.0730 2680  vsmraid - ok
15:18:21.0776 2680  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:18:21.0808 2680  VSS - ok
15:18:21.0823 2680  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:18:21.0854 2680  vwifibus - ok
15:18:21.0886 2680  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:18:21.0917 2680  W32Time - ok
15:18:21.0948 2680  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:18:21.0948 2680  WacomPen - ok
15:18:21.0995 2680  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:18:22.0073 2680  WANARP - ok
15:18:22.0088 2680  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:18:22.0120 2680  Wanarpv6 - ok
15:18:22.0213 2680  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:18:22.0244 2680  WatAdminSvc - ok
15:18:22.0291 2680  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:18:22.0338 2680  wbengine - ok
15:18:22.0369 2680  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:18:22.0400 2680  WbioSrvc - ok
15:18:22.0447 2680  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:18:22.0463 2680  WcesComm - ok
15:18:22.0510 2680  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:18:22.0556 2680  wcncsvc - ok
15:18:22.0588 2680  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:18:22.0619 2680  WcsPlugInService - ok
15:18:22.0650 2680  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:18:22.0666 2680  Wd - ok
15:18:22.0728 2680  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:18:22.0744 2680  Wdf01000 - ok
15:18:22.0775 2680  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:18:22.0790 2680  WdiServiceHost - ok
15:18:22.0790 2680  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:18:22.0806 2680  WdiSystemHost - ok
15:18:22.0853 2680  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:18:22.0884 2680  WebClient - ok
15:18:22.0915 2680  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:18:22.0946 2680  Wecsvc - ok
15:18:22.0962 2680  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:18:23.0009 2680  wercplsupport - ok
15:18:23.0040 2680  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:18:23.0071 2680  WerSvc - ok
15:18:23.0102 2680  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:18:23.0118 2680  WfpLwf - ok
15:18:23.0134 2680  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:18:23.0149 2680  WIMMount - ok
15:18:23.0196 2680  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:18:23.0227 2680  WinDefend - ok
15:18:23.0227 2680  WinHttpAutoProxySvc - ok
15:18:23.0290 2680  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:18:23.0336 2680  Winmgmt - ok
15:18:23.0399 2680  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:18:23.0492 2680  WinRM - ok
15:18:23.0555 2680  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB          C:\Windows\system32\drivers\WinUSB.SYS
15:18:23.0586 2680  WINUSB - ok
15:18:23.0617 2680  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:18:23.0648 2680  Wlansvc - ok
15:18:23.0695 2680  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:18:23.0726 2680  WmiAcpi - ok
15:18:23.0758 2680  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:18:23.0773 2680  wmiApSrv - ok
15:18:23.0867 2680  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:18:23.0945 2680  WMPNetworkSvc - ok
15:18:23.0976 2680  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:18:24.0007 2680  WPCSvc - ok
15:18:24.0054 2680  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:18:24.0070 2680  WPDBusEnum - ok
15:18:24.0101 2680  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:18:24.0132 2680  ws2ifsl - ok
15:18:24.0148 2680  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:18:24.0163 2680  wscsvc - ok
15:18:24.0179 2680  WSearch - ok
15:18:24.0241 2680  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:18:24.0288 2680  wuauserv - ok
15:18:24.0319 2680  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:18:24.0335 2680  WudfPf - ok
15:18:24.0366 2680  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:24.0366 2680  WUDFRd - ok
15:18:24.0413 2680  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:18:24.0460 2680  wudfsvc - ok
15:18:24.0491 2680  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:18:24.0538 2680  WwanSvc - ok
15:18:24.0569 2680  ================ Scan global ===============================
15:18:24.0600 2680  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:18:24.0647 2680  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:18:24.0725 2680  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:18:24.0756 2680  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:18:24.0772 2680  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:18:24.0772 2680  [Global] - ok
15:18:24.0772 2680  ================ Scan MBR ==================================
15:18:24.0787 2680  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:18:24.0974 2680  \Device\Harddisk0\DR0 - ok
15:18:24.0990 2680  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:18:25.0505 2680  \Device\Harddisk1\DR1 - ok
15:18:25.0505 2680  ================ Scan VBR ==================================
15:18:25.0520 2680  [ 5F70E8A904FB0A30D261E29148AFF787 ] \Device\Harddisk0\DR0\Partition1
15:18:25.0520 2680  \Device\Harddisk0\DR0\Partition1 - ok
15:18:25.0567 2680  [ 470DDC6AC5DAD4FBC4FF39EFA2E2AAE0 ] \Device\Harddisk0\DR0\Partition2
15:18:25.0567 2680  \Device\Harddisk0\DR0\Partition2 - ok
15:18:25.0567 2680  [ 546171F619B3AF0F03722A92C46576E3 ] \Device\Harddisk1\DR1\Partition1
15:18:25.0567 2680  \Device\Harddisk1\DR1\Partition1 - ok
15:18:25.0567 2680  ============================================================
15:18:25.0567 2680  Scan finished
15:18:25.0567 2680  ============================================================
15:18:25.0583 0336  Detected object count: 1
15:18:25.0583 0336  Actual detected object count: 1
15:18:49.0014 0336  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:49.0014 0336  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:19:09.0747 3744  Deinitialize success
         

Gruß
Noobie10


Alt 16.02.2013, 18:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Telekom Brief, ZeuS/ZBot

Alt 16.02.2013, 22:54   #7
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Guten Abend,

Hier nun das Log von Combofix

Code:
ATTFilter
ComboFix 13-02-15.01 - Admin 16.02.2013  22:30:27.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1791.975 [GMT 1:00]
ausgeführt von:: c:\users\Wolfgang\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\4008E34291.sys
c:\users\Wolfgang\4526835.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-16 bis 2013-02-16  ))))))))))))))))))))))))))))))
.
.
2013-02-16 21:48 . 2013-02-16 21:48	--------	d-----w-	c:\users\Wolfgang\AppData\Local\temp
2013-02-16 21:48 . 2013-02-16 21:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-16 21:47 . 2013-02-16 21:48	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-02-16 21:47 . 2013-02-16 21:47	--------	d-----w-	c:\users\Philip\AppData\Local\temp
2013-02-16 21:47 . 2013-02-16 21:47	--------	d-----w-	c:\users\Oliver\AppData\Local\temp
2013-02-16 21:47 . 2013-02-16 21:47	--------	d-----w-	c:\users\Hannelore\AppData\Local\temp
2013-02-16 20:56 . 2013-02-16 20:56	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\MpKslbf1fffbf.sys
2013-02-16 14:14 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\mpengine.dll
2013-02-15 13:24 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-14 17:33 . 2013-02-14 17:33	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2013-02-14 17:32 . 2013-02-14 17:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-14 17:32 . 2013-02-14 17:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-14 17:32 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-14 17:32 . 2013-02-14 17:32	--------	d-----w-	c:\users\Admin\AppData\Local\Programs
2013-02-13 12:18 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 12:18 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:18 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 12:18 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:18 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 12:18 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 13:22 . 2012-04-05 07:53	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 13:22 . 2011-05-14 14:27	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-02-16 16:48	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 18:03 . 2011-07-15 08:56	3402	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-12-16 14:13 . 2012-12-21 14:12	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 13:34	308736	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 13:34	2576384	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 13:34	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 13:34	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 13:34	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 13:34	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 13:34	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 13:34	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 13:34	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 13:34	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 13:34	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 13:34	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 13:34	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 13:34	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 13:34	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 13:34	55296	----a-w-	c:\windows\system32\cero.rs
2012-11-30 04:47 . 2013-01-09 13:34	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 13:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 13:34	271360	----a-w-	c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 13:34	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 13:34	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 13:34	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 13:34	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-29 09:56 . 2012-11-29 09:57	740840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{048DA4B8-BEB9-4082-8343-0D5F87EFAA57}\gapaengine.dll
2012-11-28 09:35 . 2013-01-05 16:25	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-23 02:48 . 2013-01-09 13:33	49152	----a-w-	c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 13:34	626688	----a-w-	c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 13:33	220160	----a-w-	c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-29 105632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"Z1"="c:\users\Wolfgang\Desktop\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-15 1363528]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
.
c:\users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2013-1-12 117344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
WinTV Recording Status.lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2013-1-12 155136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKslbf1fffbf;MpKslbf1fffbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\MpKslbf1fffbf.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [x]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLBF1FFFBF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 12:50	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:22]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 10:20]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 10:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
AddRemove-Mah Jongg II - c:\windows\IsUn0407.exe
AddRemove-Schmidt Mahjong - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-16  22:51:14
ComboFix-quarantined-files.txt  2013-02-16 21:51
.
Vor Suchlauf: 13 Verzeichnis(se), 139.823.067.136 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 140.480.802.816 Bytes frei
.
- - End Of File - - DF10AB7DED5EF6DEF806D6E9879460E3
         
Gruß
Noobie10

Alt 18.02.2013, 13:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.02.2013, 23:46   #9
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Guten Abend,
hier nun die Logs von adwCleaner

Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 18/02/2013 um 22:30:29 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wolfgang\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [711 octets] - [18/02/2013 22:30:29]

########## EOF - \AdwCleaner[S1].txt - [770 octets] ##########
         
und von OTL

Code:
ATTFilter
OTL logfile created on: 18.02.2013 22:37:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolfgang\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,39% Memory free
3,50 Gb Paging File | 2,60 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 130,89 Gb Free Space | 43,93% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Programme\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (MpKslaf66d9dd) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51833551-3FA8-46E6-89BA-9135F982C0E9}\MpKslaf66d9dd.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 26 CE D8 8F 0C CE 01  [binary data]
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 C2 C6 AF 1F 0E CE 01  [binary data]
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE466
IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.06 11:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2013.02.16 22:48:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\RunOnce: [Report] \AdwCleaner[S1].txt File not found
O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C7CE36-5710-42DB-96A9-ACD2EBB0D24D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 22:51:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.16 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2013.02.16 22:26:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.16 22:26:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.16 22:26:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.16 22:26:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.16 22:26:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.15 14:27:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.14 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.02.14 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.14 18:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.14 18:32:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.14 18:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.14 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.02.13 13:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 13:50:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 13:50:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 13:50:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 13:50:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.13 13:50:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.13 13:50:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 13:50:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 13:18:57 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 13:18:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 13:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 13:18:48 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 13:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 22:39:30 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 22:39:30 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 22:31:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.18 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 22:31:37 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 22:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.16 22:55:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.16 22:48:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.15 14:27:15 | 355,049,412 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.14 18:35:15 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.14 18:35:15 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.14 18:35:15 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.14 18:35:15 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.14 18:32:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 17:22:41 | 000,443,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.11 13:57:25 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E6.LCS
[2013.02.09 14:22:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.09 14:22:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.16 22:26:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.16 22:26:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.16 22:26:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.16 22:26:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.16 22:26:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.15 14:27:15 | 355,049,412 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.14 18:32:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 16:49:11 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2013.01.12 16:49:03 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2013.01.12 16:48:24 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2013.01.12 16:44:48 | 000,007,343 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013.01.05 18:29:17 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.08.17 15:24:59 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.15 09:56:41 | 000,003,402 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.05.07 08:02:39 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2011.04.28 13:37:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.04.28 13:37:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.04.28 13:37:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.28 13:27:34 | 000,000,694 | ---- | C] () -- C:\Windows\SIERRA.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
und noch der Extralog

Code:
ATTFilter
OTL Extras logfile created on: 18.02.2013 22:37:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wolfgang\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,39% Memory free
3,50 Gb Paging File | 2,60 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 130,89 Gb Free Space | 43,93% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E55156-43BE-4BB7-88D9-DCC2992E5C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0EA918B1-80D4-4CF5-9ED5-E8F99A2947B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DA4231A-439A-41C8-80F0-B4060A652C78}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46718B0A-D774-4DCC-9939-C64F59DFB6D9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5265CF25-52C9-4DF3-BED3-87C55564144A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{554B2446-0A73-4B4F-A976-404B00233392}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59C0C918-C771-4BE4-AE08-425C573EC2F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AD9193A-742B-48CB-B569-E17758997AA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5FDA5DFA-5ABF-4EE0-B518-F19B7FD68DDE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6166C20D-42F8-422B-840B-6C5E4C16F24F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6AE81469-1084-4526-A004-CD5A8EFDEB50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73D056E4-6F50-431C-AFE6-9436F09F519E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7DEED581-FF27-42FB-93FD-B7967D0B4D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{955C9D6A-CC54-4184-976A-75FAFAD0BBE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEDC005C-7315-4250-B3CB-70D7B9A4824B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAD756AF-39AC-4D07-8160-BAC43DDC5D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C378D541-A76A-4889-954A-BB731F1CD41B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5575710-B667-490C-901E-973C68C5F227}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD64EC55-DE25-4334-B7E1-5BCDB06717F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DE762E4B-647F-4BBA-8F30-D2D5E04C80B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E1DC544B-4A24-4962-8E6D-49C7145011AB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F44C94FA-93C7-4B8E-983C-AC855FA9A237}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA6133C5-7917-41B7-99F6-686174A772B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C77E36-A68C-49C6-9D8D-18A0FF6384B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15BBC5FB-C776-4C10-85AF-2D8222BFCA9D}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{17774AC7-7420-4570-882E-A1248AF25352}" = protocol=6 | dir=out | app=system | 
"{17A2814B-3F48-4504-9BB7-C59F2AE2AC3F}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{2880F5E3-508A-43A0-97D5-0981572336ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BDC4D7F-8495-49B7-BE50-C93C3DDCD7C9}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{2C328582-5DBF-4BCD-BEC3-4719220EB44D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C7ACEDD-B50A-4029-989C-0E5DB86BC325}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{328E626F-97F8-409D-9F57-0BBAB14F4329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3462274B-6F55-42F6-9B7D-266C8E307879}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{52443B6E-F118-417B-86DB-3A95D78B45E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5275D8DE-74A7-4253-BF9A-50DE96D2B90D}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{57CD6992-4B96-47E6-BF13-B770779EDA3A}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{5E19C4DF-2440-4390-9E4B-79AF7587A1D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FEA94EC-D8B6-4E20-A6A9-AF21EF575F87}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{61582D76-F223-45D2-ACE2-BDC3F2FC6EE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6884AE11-0214-49E1-80F2-9FD2B4BAB4A1}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{6B4A0A4C-D024-4F44-9569-EBC7164CA01C}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{6BC879F9-5566-4948-B136-BE501DF089A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7A8756BD-EED9-4EE6-930D-8516AC673953}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C712863-8421-4856-89D9-7666C6CEAFA1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85F44710-37E0-4024-8E41-9A5ACBE2376A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88F12741-6108-49D2-A080-C915C34157B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F73838B-88F1-490B-ADED-66D4B3759401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97F483E8-8E7C-4D37-BE67-BB3F594C2E9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{998507A4-4BE2-44EF-AE1D-3AE71A68D528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1911F59-6641-47C1-8FBD-6124017F9A26}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{A7A024E4-45B1-42FD-A414-5AA9154E0010}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{AD70B6AD-B4AC-4D2E-B8F7-A2521D68354E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{BED77841-4B9C-46CC-8067-B401173D0B71}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
"{C1F05630-9B1A-4BA9-B360-48F167C51574}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C3F1EA9F-94AD-4F44-9B27-1A8F685ED347}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C515CA98-8640-4E71-91A6-896F15F259B9}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
"{C5DB04A4-C7C3-48EF-B3F6-EDEDEAE0F57B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{CBC73E50-857A-4EA7-9144-BE6CA2AA8FBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBFCC461-9482-4707-A809-463F262D4E9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFE6AAF2-ADFA-4C73-81A4-431A1A136328}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D739BA42-8071-40C4-A873-88CA1A5028F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DEC5A4E7-B905-49D0-A3CF-FE46240DFA4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E12475F0-1D3D-4C3D-9A26-7EA6349427CB}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | 
"{EEE16410-25A3-4DEE-A184-3C5A93A0CD5F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F888AAB-DDAD-45A8-9A61-FFAB7521DBDD}" = Ping Flipper
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Live Pool_is1" = 3D Live Pool
"3DJongg" = 3DJongg
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AmazingMahjongg3D" = AmazingMahjongg3D
"Astro Fury" = Astro Fury
"AutumnMahjongg" = AutumnMahjongg
"BudRedhead" = BudRedhead
"CityMahjongg" = CityMahjongg
"ffdshow_is1" = ffdshow [rev 497] [2006-11-04]
"FrozenMahjongg" = FrozenMahjongg
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Mah-Jongger" = Mah-Jongger
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Memento Mori 2_is1" = Memento Mori 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"NeoBall" = NeoBall
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"OpenAL" = OpenAL
"Patiencen + Solitaire" = Patiencen + Solitaire
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PrivateMahjongg" = PrivateMahjongg
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Shockwave" = Shockwave
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"Soccerstars" = Soccerstars
"Stepok's One Click Wipe  Basic_is1" = One Click Wipe  Basic
"SuperSoli" = SuperSoli
"The Great Mahjongg" = The Great Mahjongg
"tvbrowser" = TV-Browser 3.2.1
"Twilight Mahjongg" = Twilight Mahjongg
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Works2004Setup" = Setup-Start von Microsoft Works 2004
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2011 13:06:38 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 11:03:47 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 11:03:48 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.12.2011 17:38:50 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 21.12.2011 08:07:39 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.12.2011 17:17:23 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ System Events ]
Error - 16.02.2013 09:47:24 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.02.2013 16:56:33 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.02.2013 16:56:33 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.02.2013 17:30:20 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.02.2013 17:41:09 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.02.2013 17:48:25 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.02.2013 17:07:14 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.02.2013 17:07:14 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.02.2013 17:31:40 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.02.2013 17:31:40 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
Gruß
Noobie10

Alt 20.02.2013, 13:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.02.2013, 15:38   #11
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



so, hier nun die Logs von Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.20.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

20.02.2013 17:13:29
mbam-log-2013-02-20 (17-13-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298688
Laufzeit: 9 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

und Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d3ceaa979a2ce7458713a7f88e99f9f7
# engine=13199
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-21 12:09:36
# local_time=2013-02-21 01:09:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 49721366 113036567 0 0
# scanned=461764
# found=0
# cleaned=0
# scan_time=27493
         
Gruß
Noobie10

Alt 21.02.2013, 17:04   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.02.2013, 22:00   #13
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Guten Abend!
der Rechner scheint normal zu laufen, aktuell sind keine weiteren Probleme aufgetreten.

die bekannten Funde:

Backdoor:Win32/Rbot
PWS:Win32/Zbot
PWS:Win32/Zbot.gen!AL

liegen noch in der Quarantäne der Microsoft security essentials

soll ich diese nun löschen?

Gruß
Noobie10

Alt 21.02.2013, 23:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



Zitat:
liegen noch in der Quarantäne der Microsoft security essentials

soll ich diese nun löschen?
Was habt ihr alle immer nur mit der Quarantäne?
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.02.2013, 17:09   #15
noobie10
 
Telekom Brief, ZeuS/ZBot - Standard

Telekom Brief, ZeuS/ZBot



okay

Danke für die schnelle Antwort!!!

Soll ich die benutzten Programme nun deinstallieren?

Gruß
Noobie10

Antwort

Themen zu Telekom Brief, ZeuS/ZBot
7-zip, administrator, adobe, bho, bonjour, brief, computer, defender, downloader, error, explorer, fehler, firefox, flash player, format, helper, home, infiziert, install.exe, kein fund, logfile, monitor, msiinstaller, nvidia, object, plug-in, registry, rundll, security, software, svchost.exe, taskhost.exe



Ähnliche Themen: Telekom Brief, ZeuS/ZBot


  1. Telekom Brief Zeus/Zbot
    Log-Analyse und Auswertung - 26.05.2015 (32)
  2. Telekom E-Mail 'zeuS' 'Zbot'
    Log-Analyse und Auswertung - 01.02.2014 (3)
  3. Telekom e-mail Zeus/ZBot
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. Telekom Brief - ZeuS/ZBot Infektion
    Log-Analyse und Auswertung - 26.11.2013 (9)
  5. Sicherheitswarnung Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (9)
  6. Zeus/ZBot Telekom email
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (29)
  7. ZeuS/ZBot Warnung von der Telekom
    Log-Analyse und Auswertung - 30.05.2013 (23)
  8. Brief von der Telekom bezüglich des ZeuS/Zbot Schädling....
    Plagegeister aller Art und deren Bekämpfung - 18.04.2013 (9)
  9. Telekom Brief Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (22)
  10. Telekom Warnung vor ZeuS/ZBot
    Log-Analyse und Auswertung - 05.03.2013 (15)
  11. Telekom-Hinweis auf ZeuS/ZBot
    Log-Analyse und Auswertung - 18.02.2013 (7)
  12. Trojaner ZeuS/ZBot Telekom Brief
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (20)
  13. Brief von der Telekom, Trojaner, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (13)
  14. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  15. Telekom verweist auf ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  16. Trojanerwarnung Zeus/ZBot von Telekom
    Log-Analyse und Auswertung - 28.10.2012 (5)
  17. Telekom beanstandet ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (7)

Zum Thema Telekom Brief, ZeuS/ZBot - Guten Abend! Mein Vater bekam heute Post von der Telekom, dass sein Computer wahrscheinlich mit dem ZeuS/ZBot infiziert wäre. Ich hab mal malwarebytes (kein Fund) und OTL drüberlaufen lassen Hier - Telekom Brief, ZeuS/ZBot...
Archiv
Du betrachtest: Telekom Brief, ZeuS/ZBot auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.