Trojaner-Board

"ATRAPS.gen" and "ATRAPS.gen2" Trojan detection (https://www.trojaner-board.de/121031-atraps-gen-atraps-gen2-trojaner-fund.html)

TimTobi 02.08.2012 10:49

"ATRAPS.gen" and "ATRAPS.gen2" Trojan detection
 
Hello everyone, I hope you can help me. Since this morning a virus detection from Avira suddenly popped up and reported the two Trojans ATRAPS.gen and "".gen2.

As in all the other threads, I immediately ran the tests, i.e. OTL and Malwarebytes.

OTL.txt

Code:

OTL logfile created on: 02.08.2012 11:31:49 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free
5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\GbPlugin\gbpsv.exe ( )
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M]
 
[2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions
[2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.01.16 02:03:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\PermissionResearch
[2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.07.18 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\PunkBuster
[2012.07.18 23:28:19 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\Battlefield Heroes
[2012.07.18 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2012.07.12 09:38:41 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 09:35:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 09:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 09:35:10 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 09:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 09:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 09:35:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 09:35:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 19:08:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 20:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.10 20:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.02 10:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 10:49:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 10:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 10:48:57 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 10:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 23:48:36 | 000,139,080 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 23:48:27 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.18 22:53:04 | 000,138,056 | ---- | M] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:54 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.13 14:35:31 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.13 14:35:30 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.13 14:35:30 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.13 14:35:30 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 09:57:28 | 000,324,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 23:48:27 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.18 22:52:49 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.07 22:49:28 | 000,093,671 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\Uninstal.exe
[2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.11 10:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,324,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini
 
========== LOP Check ==========
 
[2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft
[2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite
[2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware
[2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org
[2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech
[2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient
[2012.05.04 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software
[2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent
[2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib
[2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames
[2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job
[2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.02 10:47:58 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp

< End of report >


Extras.txt

Code:

OTL Extras logfile created on: 02.08.2012 11:31:49 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free
5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8B0B26-FFE6-4ECF-8298-FAA609342576}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1512EB15-60C0-49B2-9E99-C5E1AA49E3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F7D19CF-8C14-40C7-A8B5-10C7C64A6177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31D7BAA4-BA38-4658-939E-7E44CA66549C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34D94C5E-6CF4-4FF0-8D74-34F4872A4F24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D8FAA36-EAEF-407B-ABF5-9DBB172149A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4ED82306-77B9-4275-95C5-F78AAE64573E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55CE7E2A-6A0B-419C-9AE4-49ECE309E4C1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5809861F-42A1-4D62-B03B-5C1CA7879407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B359E3A-DC14-4C0F-AE4A-3ED21DC60012}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66F66EC7-6B56-40A6-ABD2-1927E8AB473F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88DB133D-8FD7-49DD-9F0A-8CDE93EB9369}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{B384ACE6-62BC-4111-BDA0-8662B42B4C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2DE4EAC-1C83-4399-A973-5D4E81CD1155}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D10EC664-C2B0-4AEF-913E-772EADC2E965}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D961EDCC-C6FB-41E4-AEAF-D1F7B3F36986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E3FBDF1D-4938-4589-AA6F-3A9CB0A68757}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E44B06BF-5D13-4C1F-8818-73ED4E7CE463}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F89769C0-96AA-4DF0-81D1-DE4010D76881}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F95014A7-6422-4E14-965E-9600C352B3C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAB0312A-4B8E-40C9-9192-5F354BF378C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB091B93-6B0A-4E9E-A130-DB813553F089}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECDE24D-FC5B-4127-A1BB-D5D97E0F6588}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{161AAFC7-5028-49B7-BFE8-42B29BD054FF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{274A62D6-5858-4AA3-8E66-6C5D14DFC351}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{28C22EFD-DF7C-4CE4-884B-0ED50BD85229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29924917-17A2-4086-A372-BD4D22FA3FB0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A81C4F9-D67A-4F0A-8B80-BC674EC92AEA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2C9A92BB-EAE3-44CA-AB31-CA9AF3087FDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DBEEFB1-6993-499A-A374-C5D031758E19}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{4D856B98-6146-43A3-8702-F423D0F61367}" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"{4F5AFC8E-44FF-48ED-93AF-CB9D505C60F0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5011F880-A715-4C74-9062-B6F04E22E2E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{55DFB885-A669-4B23-85D5-E39A2C1B72B9}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{5A0D3E12-75DA-4732-9E75-033F069D7AAC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5A443BAE-2A02-46C5-9B42-3416730F594B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BF0AC86-618E-48E8-BA7D-4E3347A10C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0EBF5F-5327-41EC-ABB1-CDC7B988FC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA39179-E25C-419C-8D61-FC4A7DF37E09}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{635C9861-3C11-4497-94AB-7B3D61FC1CB7}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{72988D27-8115-4873-9367-57CD44038BB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A3EEFA8-8744-4656-9A2E-F145A2315124}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDCF0C9-BE3E-4BDA-B01A-B47004D6A801}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{8146D948-5BAD-44A8-8F89-5D921176F3AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8295C084-2610-43BF-AFFD-BE99FBE775A0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8D2F7495-D886-4022-AD74-09AA63CCEDB5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8E01978C-70C5-4EA5-AF9B-EF5A6A17A573}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{94AA5E7B-33AF-44DA-8212-DBF26B972D90}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CDE3B11-F727-4C18-9302-9B59826E3936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3917432-99FA-4B0E-92BC-7B8F71451FE9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B6D80CBE-4FFC-468D-AFFB-43858CB40273}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B9365176-101D-40CE-99AA-C141EB26851E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BC0626C6-ADF7-4033-9716-38D818A32071}" = protocol=6 | dir=out | app=system |
"{BD485E64-E3A2-4EB6-8257-938669840A80}" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"{C156407D-1115-4D9A-A3F6-0EB939B27F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C7B72D04-0138-4F32-BF9B-F20C7FBCAD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF964DCC-3BFA-444B-91E8-22F1EAE29226}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D58B76A8-EFE8-4C00-A59C-9D86A21C3B7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D69339DB-3F77-427C-9D96-43B00C439955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D94EADB9-06ED-4F93-9F35-908C142D2828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB0584F7-C39E-4C86-AD42-E42EBD26D245}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DBAA6259-CF4D-4E86-BFFC-A6119E16795D}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{E28C2411-862D-4615-88F7-CEA15B3F78CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E39504C4-BE72-42C1-82D5-D3673723069A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A94F50F-8626-47EF-B382-89BF7995ECDD}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"TCP Query User{0EF0ACD2-5DC4-4C48-96DD-3BB776C4C89F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3774265D-BC09-417E-9BAA-972C741048D8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{467DE04B-BD31-44EA-B53C-A1A9B9BF4E76}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"TCP Query User{46BEB7B7-5F79-4691-98AF-03927CBEAA56}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe |
"TCP Query User{47BCE3A5-72D2-4509-85F0-E6E5E1EA5B6F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{50DA31AC-065B-462A-B086-EFF8CC7BAB2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{60DD221A-4AB9-47EA-A2FC-40D491336DB2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6C734ABE-0C82-405A-965D-16E1EE156A92}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{76C0570D-ADF4-4729-BAE3-3DC7C1ECF522}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{871A49B7-FAA2-45B9-8350-1937DFC80748}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{8D3A0D2C-9D55-49B7-904E-160FC09801E0}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{966415D1-E67D-49CE-9FF9-096AEDF1D4B9}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"TCP Query User{9BAC6973-1E4E-4F34-A838-0F0368AFA828}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe |
"TCP Query User{9E53D579-4135-4F1E-A446-A515E6979189}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe |
"TCP Query User{A6BEB1A9-F5D0-4912-8C91-0C0B2350838A}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"TCP Query User{C275CBF3-3FAA-40F5-A5B7-2482859908F3}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"TCP Query User{E187C766-12E1-4648-B790-419B7715204E}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"TCP Query User{EF1E3FEA-F7DA-4E4E-96BE-96064B184907}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F891D6AA-6C19-4C89-BB4C-A2E2F5CC4FA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FCCA50B1-05FD-4525-A783-55863C30DC0D}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{094577A3-94F8-418F-9838-D24E00679FB5}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe |
"UDP Query User{1D60A1EA-A8E2-42F7-8461-B5F6240A8E3D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{28BABCA5-EC32-499B-9704-B390745551E7}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{3678918A-76CE-4FE8-9764-7DCC84D92EA0}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"UDP Query User{3682CD82-1806-4337-B253-4DE30352B0AA}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"UDP Query User{4953406A-6C61-426B-ACB5-3CAC74284E09}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4A7D287B-F79F-4713-925C-7636F63E4F1B}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{4A900F4F-56E8-4C7F-9649-20F290F932F4}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4BBC645A-5C68-4F87-BDA3-CFB95F4C8E9F}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"UDP Query User{6896719B-28B5-4818-910C-31224730447A}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"UDP Query User{78D224F1-8702-4044-AF40-8CDA759CAAD6}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe |
"UDP Query User{9E21719A-0E5B-4722-9D31-0DBFE2420725}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A5CE583C-CCD0-4E9A-ACA9-4824083BE17C}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{BBE1723B-F277-4FE1-9737-9245C3EE3596}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{C72BAC74-9DB7-4AB1-A279-44876756F44A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DABD39E1-B7CD-406A-A7AC-EE408F466B10}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"UDP Query User{DBBE56E1-A8EC-459F-ADA1-5C6792770E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{DC2BEA43-F32C-4323-AF81-FE503FCA2A36}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{E8470E48-447E-4694-9F52-FEFF05E58A11}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E88A7570-C7EB-4F14-9DE9-1E382CABFF3C}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe |
"UDP Query User{F4B34126-5377-48D1-8B08-81A08684C37B}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C85B6A70-2ABB-4A31-8FD1-E183553A94F9}" = MoD ImperiaL v4.1
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DriverEasy_is1" = DriverEasy 3.11.0
"Eastern Front" = Eastern Front
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa 3" = Picasa 3
"PONS Softwarekurs für Anfänger Portugiesisch" = PONS Softwarekurs für Anfänger Portugiesisch
"PunkBusterSvc" = PunkBuster Services
"Reason5_is1" = Reason 5.0
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Gabi)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2011 01:19:50 | Computer Name = DERComputer | Source = System Restore | ID = 8193
Description =
 
Error - 03.10.2011 01:23:42 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x1484, Anwendungsstartzeit
 01cc818c9c11149d.
 
Error - 03.10.2011 01:24:06 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x16cc, Anwendungsstartzeit
 01cc818caacfa5ad.
 
Error - 03.10.2011 01:24:12 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel
 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05,  Prozess-ID 0x750, Anwendungsstartzeit
 01cc818cae3a6efd.
 
Error - 03.10.2011 02:04:43 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =
 
Error - 03.10.2011 09:48:50 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =
 
Error - 04.10.2011 12:47:14 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =
 
Error - 04.10.2011 13:20:39 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982,
 fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000fa77,  Prozess-ID 0x484, Anwendungsstartzeit 01cc82b54fabe0a2.
 
Error - 04.10.2011 13:32:18 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982,
 fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode
 0xc0000005, Fehleroffset 0x00016300,  Prozess-ID 0x1580, Anwendungsstartzeit 01cc82b9f6b96492.
 
Error - 05.10.2011 09:17:56 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 02.08.2012 05:44:35 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 02.08.2012 05:46:14 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:46:29 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:46:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.7 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:49:42 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.8 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:49:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2012 05:50:00 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 02.08.2012 06:50:38 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7023
Description =
 
Error - 02.08.2012 06:51:43 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.08.2012 07:10:04 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >


Malwarebytes

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

02.08.2012 11:22:34
mbam-log-2012-08-02 (11-22-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167506
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)

For me these texts are a huge muddle; you probably see through them much better than I do.
I hope it is nothing bad. Do you know what exactly the ATRAPS trojan does? I saw that you have had this problem here in the forum quite often already.

Thanks in advance and kind regards, Tim.

Chris4You 02.08.2012 13:54

Hi,

none of the usual files can be found; is the malware still showing up?

Please have the following files checked (do you have banking software from the Bank of Brasil on the computer?):

Have files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:

C:\Programme\GbPlugin\gbieh.dll
  • Now upload each file one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: also copy the file size and the HASH!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[emptytemp]
[resethosts]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Please copy everything from the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click the "Download EXE" button. A random file name is generated (please remember that name and the path where you saved it).
Start gmer and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no" and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try in safe mode (F8 while booting)!

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it via Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan (Start Scan).
When the scan is finished please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

Update MAM and run a full scan, post the log!

chris

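The GMER and TDSSKiller reports requested above are long, and the lines that matter (inline hooks that jump into a foreign DLL, modules GMER marks as hidden, services TDSSKiller flags) are easy to miss among hundreds of "- ok" entries. The following Python script is an added example, not code from this thread or from the GMER/TDSSKiller authors: it parses the line shapes those two tools print and returns a short triage list. The sample log text is constructed in the format of the tools' output (modelled on the line layouts that appear in this thread), and the regular expressions are my reading of that layout, not a documented grammar. The one judgement built in is that a JMP whose target is the hooked process's own image is treated as a self-hook (browsers do this for sandboxing), while a JMP into another module is reported; SSDT entries are listed for manual attribution rather than flagged, because security products commonly hook those for self-protection.

```python
import re
from dataclasses import dataclass

# Constructed sample text in the shape of GMER's "System", "User code sections" and
# "Processes" output. Modelled on line layouts seen in this thread; not a real scan.
GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT    8CF63DBE                          ZwCreateSection
SSDT    8CF63D5F                          ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary          773B3FA4 5 Bytes  JMP 3B09A607 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Program Files\Mozilla Firefox\firefox.exe[1200] ntdll.dll!LdrLoadDll  77479378 5 Bytes  JMP 013813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Processes - GMER 1.0.15 ----

Library  c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]   0x038D0000
"""

# Constructed sample text in the shape of TDSSKiller's per-service lines (same caveat).
TDSS_SAMPLE = r"""
18:19:19.0940 3260        ACEDRV07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\ACEDRV07.sys
18:19:19.0967 3260        ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
18:19:19.0967 3260        ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
18:19:20.0008 3260        ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
18:19:20.0027 3260        ACEDRV09 - ok
18:19:20.0227 3260        Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:19:20.0255 3260        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Hook:
    process: str      # image path of the hooked process
    pid: int
    module: str       # DLL whose export was patched, e.g. kernel32.dll
    function: str     # patched export, e.g. FreeLibrary
    target_path: str  # module the 5-byte JMP lands in
    target_desc: str  # GMER's "(description/company)" for that module

    @property
    def self_hook(self) -> bool:
        # A JMP back into the process's own image is the usual benign case.
        return self.target_path.lower() == self.process.lower()


# Regexes are assumptions about the line layout, not an official format description.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\w+)\s+"
    r"[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+[0-9A-F]{8}\s+(?P<target>.+?)\s+\((?P<desc>[^)]*)\)\s*$")
HIDDEN_RE = re.compile(
    r"^Library\s+(?P<lib>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+"
    r"\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-F]+)")
TDSS_LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
TDSS_INFO_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
TDSS_DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \(\d+\)$")


def parse_gmer(text: str) -> dict:
    """Split a GMER report into SSDT entries, user-mode inline hooks and hidden modules."""
    ssdt, hooks, hidden = [], [], []
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            ssdt.append((m.group(2), m.group(1)))          # (syscall, handler address)
        elif m := HOOK_RE.match(line):
            hooks.append(Hook(m["proc"], int(m["pid"]), m["mod"], m["func"],
                              m["target"], m["desc"]))
        elif m := HIDDEN_RE.match(line):
            hidden.append((m["lib"], m["proc"], int(m["pid"]), m["base"]))
    return {"ssdt": ssdt, "hooks": hooks, "hidden": hidden}


def parse_tdsskiller(text: str) -> list:
    """Return every '- detected' entry together with the MD5 and path TDSSKiller printed
    for that service earlier in the log (the MD5 is what you would look up on VirusTotal)."""
    info, detections = {}, []
    for line in text.splitlines():
        m = TDSS_LINE_RE.match(line)
        if not m:
            continue
        rest = m["rest"].rstrip()
        if d := TDSS_DET_RE.match(rest):
            md5, path = info.get(d["name"], (None, None))
            detections.append({"name": d["name"], "signature": d["sig"], "md5": md5, "path": path})
        elif i := TDSS_INFO_RE.match(rest):
            info[i["name"]] = (i["md5"], i["path"])
    return detections


def triage(gmer_text: str, tdss_text: str) -> list:
    """One line per item worth a human look; self-hooks and SSDT entries are left out."""
    g = parse_gmer(gmer_text)
    findings = []
    for h in g["hooks"]:
        if not h.self_hook:
            findings.append(f"inline hook: {h.module}!{h.function} in {h.process} [{h.pid}] "
                            f"-> {h.target_path} ({h.target_desc})")
    for lib, proc, pid, base in g["hidden"]:
        findings.append(f"hidden module: {lib} in {proc} [{pid}] at {base}")
    for d in parse_tdsskiller(tdss_text):
        findings.append(f"tdsskiller {d['signature']}: {d['path']} md5={d['md5']}")
    return findings


if __name__ == "__main__":
    for line in triage(GMER_SAMPLE, TDSS_SAMPLE):
        print(line)
    print("SSDT entries to attribute manually:", parse_gmer(GMER_SAMPLE)["ssdt"])
```

Feed the real reports in with `triage(open("gmer.log").read(), open("tdsskiller.log").read())`; an unsigned-driver warning from TDSSKiller is only a prompt to check the file's hash and vendor, not a verdict, which is why the script carries the MD5 along instead of deciding anything.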
TimTobi 03.08.2012 17:35

OK, now we have it. Thanks first of all for helping me; it is certainly not something to be taken for granted. ^^

OK, with VirusTotal I wasn't sure exactly what you wanted me to copy, so here is EVERYTHING.

VirusTotal

HTML-Code:

SHA256:        9b6eb848604850bddf331fbbe70240d5caa326c92eba8b5ac1ed8ffb76c56e0a
SHA1:        a2266d6ea4791a784cd8f647c9d08dc5abab8237
MD5:        f136508dd68d1973ba934164bc13e94a
File size:        1.3 MB ( 1313864 bytes )
File name:        gbieh.dll
File type:        Win32 DLL
Detection ratio:        0 / 41
Analysis date:        2012-08-03 15:04:21 UTC ( 1 Minute ago )
Antivirus        Result        Update
AhnLab-V3        -        20120803
AntiVir        -        20120803
Antiy-AVL        -        20120803
Avast        -        20120803
AVG        -        20120803
BitDefender        -        20120803
ByteHero        -        20120723
CAT-QuickHeal        -        20120803
ClamAV        -        20120803
Commtouch        -        20120803
Comodo        -        20120803
DrWeb        -        20120803
Emsisoft        -        20120803
eSafe        -        20120802
ESET-NOD32        -        20120803
F-Prot        -        20120803
F-Secure        -        20120803
Fortinet        -        20120803
GData        -        20120803
Ikarus        -        20120803
Jiangmin        -        20120803
K7AntiVirus        -        20120802
Kaspersky        -        20120803
McAfee        -        20120803
McAfee-GW-Edition        -        20120802
Microsoft        -        20120803
Norman        -        20120803
nProtect        -        20120803
Panda        -        20120803
Rising        -        20120803
Sophos        -        20120803
SUPERAntiSpyware        -        20120803
Symantec        -        20120803
TheHacker        -        20120801
TotalDefense        -        20120802
TrendMicro        -        20120803
TrendMicro-HouseCall        -        20120803
VBA32        -        20120803
VIPRE        -        20120803
ViRobot        -        20120803
VirusBuster        -        20120803

Comments:
    SATINFO (posted 1 month, 1 week ago): NEW VARIANT OF SPY BANKER GB; handled as of ELISTARA 25.74 (www.satinfo.es)

Votes:
    * anonymous  +1   2012-06-08 12:50:52 UTC ( 1 month, 3 weeks ago )
    * anonymous  -1   2012-06-21 16:42:11 UTC ( 1 month, 1 week ago )
    * SATINFO   -34   2012-06-21 14:53:33 UTC ( 1 month, 1 week ago )

Additional information
ssdeep
24576:3KIJzr7Irr+oyhoHCAZWInmXYbyYquDchkOTr5tr2qqsglzAsKUMa7+19Z11mNw8:3KMH7Irr+CCAAImXgLquoH5d3qsgdKU9
TrID
Windows OCX File (90.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool

CodeSize.................: 1314304
SubsystemVersion.........: 5.0
Comments.................:
InitializedDataSize......: 481280
ImageVersion.............: 0.0
ProductName..............: Banco do Brasil Gbieh
FileVersionNumber........: 3.14.11.8
UninitializedDataSize....: 0
LanguageCode.............: Portuguese (Brazilian)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 9.0
OriginalFilename.........: Gbieh.dll
PrivateBuild.............: Banco do Brasil
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 3,14,11,8
TimeStamp................: 2012:04:28 00:36:26+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: Gbieh
OLESelfRegister..........: yes
ProductVersion...........: 3,14,11,8
FileDescription..........: Gbieh Module
OSVersion................: 5.0
FileOS...................: Win32
LegalCopyright...........: Copyright    2003-2012, Banco do Brasil
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Banco do Brasil
LegalTrademarks..........: Banco do Brasil, Gbieh
FileSubtype..............: 0
ProductVersionNumber.....: 3.14.11.8
EntryPoint...............: 0x300bd7
ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: Banco do Brasil
product..................: Banco do Brasil Gbieh
internal name............: Gbieh
copyright................: Copyright (c) 2003-2012, Banco do Brasil
original name............: Gbieh.dll
signing date.............: 2:00 PM 5/9/2012
comments.................:
file version.............: 3,14,11,8
signers..................: Banco do Brasil S.A.; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description..............: Gbieh Module

Portable Executable structural information

Compilation timedatestamp.....: 2012-04-27 22:36:26
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00300BD7

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096      1187984        0    0.00  d41d8cd98f00b204e9800998ecf8427e
CODE                1196032        125924        0    0.00  d41d8cd98f00b204e9800998ecf8427e
.rdata              1323008        301660        0    0.00  d41d8cd98f00b204e9800998ecf8427e
.data              1626112        81224        0    0.00  d41d8cd98f00b204e9800998ecf8427e
DATA                1708032          5232        0    0.00  d41d8cd98f00b204e9800998ecf8427e
BSS                1716224          2421        0    0.00  d41d8cd98f00b204e9800998ecf8427e
.tls                1720320            2      512    0.00  bf619eac0cdf3f68d496ea9344137e8b
.vmp0              1724416        519480        0    0.00  d41d8cd98f00b204e9800998ecf8427e
.vmp1              2244608      1295147  1295360    7.95  18c2fb3971b81fb417cf1b87997b52fa
.reloc              3543040          244      512    2.78  5b5904154dd9af512bd40aa6a02af142
.rsrc              3547136        39850      8704    4.84  a777e70b9974f74d2797edd655077ca3

PE Imports....................:

[[ADVAPI32.dll]]
CryptGetHashParam

[[KERNEL32.dll]]
GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess

[[ole32.dll]]
CoCreateInstance

[[USER32.dll]]
GetCursorPos

[[OLEAUT32.dll]]


PE Exports....................:

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, SpecialFunction

First seen by VirusTotal
2012-05-16 08:03:41 UTC ( 2 months, 2 weeks ago )
Last seen by VirusTotal
2012-08-03 15:04:21 UTC ( 3 minutes ago )
File names (max. 25)

  1. gbieh.dll
  2. Gbieh.dll
  3. Gbieh(1).dll
  4. FBC2ACA048500C0C0CDB149807234A00A7FBCBAA.dll
  5. Gbieh
  6. file-3978820_dll

HTML-Code:

All processes killed
========== OTL ==========
ADS C:\Windows\System32\drivers:GbpKmAp.lst deleted successfully.
ADS C:\Windows\System32:EF87F1B4_Bb.gbp deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Gabi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119014 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32227176 bytes
->Flash cache emptied: 120779 bytes
 
User: Juergen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TimTobias
->Temp folder emptied: 171775359 bytes
->Temporary Internet Files folder emptied: 63187195 bytes
->Java cache emptied: 535796 bytes
->FireFox cache emptied: 116403246 bytes
->Flash cache emptied: 144695 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1840228 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 368,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 08022012_175545

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Then here we have the GMER report.

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-03 18:16:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: vyww7tu9.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\uxtciaog.sys


---- System - GMER 1.0.15 ----

SSDT    8CF63DBE                                                                                      ZwCreateSection
SSDT    8CF63DC3                                                                                      ZwSetContextThread
SSDT    8CF63D5F                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 215                                                                828AF8D8 4 Bytes  [BE, 3D, F6, 8C]
.text    ntkrnlpa.exe!KeSetEvent + 56D                                                                828AFC30 4 Bytes  [C3, 3D, F6, 8C]
.text    ntkrnlpa.exe!KeSetEvent + 621                                                                828AFCE4 4 Bytes  [5F, 3D, F6, 8C]
.text    C:\Windows\system32\drivers\ACEDRV07.sys                                                      section is writeable [0x91D6A000, 0x328BA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV07.sys                                                      entry point in ".pklstb" section [0x91DAE000]
.relo2  C:\Windows\system32\drivers\ACEDRV07.sys                                                      unknown last section [0x91DCA000, 0x8E, 0x42000040]
.text    C:\Windows\system32\drivers\ACEDRV09.sys                                                      section is writeable [0x81001000, 0x3326E, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV09.sys                                                      entry point in ".pklstb" section [0x81046000]
.relo2  C:\Windows\system32\drivers\ACEDRV09.sys                                                      unknown last section [0x81062000, 0x8E, 0x42000040]
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                        section is writeable [0xB0709300, 0x3ACC8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                        section is writeable [0xB074C300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary                                773B3FA4 5 Bytes  JMP 3B09A607 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibraryAndExitThread                  773B485E 5 Bytes  JMP 3B09A57F C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text    C:\Program Files\Mozilla Firefox\firefox.exe[1200] ntdll.dll!LdrLoadDll                      77479378 5 Bytes  JMP 013813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Processes - GMER 1.0.15 ----

Library  c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]                      0x038D0000                                                                                               

---- Files - GMER 1.0.15 ----

File    C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\F9D211E4d01  0 bytes
File    C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\4856EEC6d01  0 bytes
File    C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\B3318661d01  0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---


And last but not least the Kaspersky TDSSKiller report

HTML-Code:

18:19:05.0199 0280        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:19:05.0384 0280        ============================================================
18:19:05.0384 0280        Current date / time: 2012/08/03 18:19:05.0384
18:19:05.0384 0280        SystemInfo:
18:19:05.0384 0280       
18:19:05.0384 0280        OS Version: 6.0.6002 ServicePack: 2.0
18:19:05.0384 0280        Product type: Workstation
18:19:05.0384 0280        ComputerName: DERCOMPUTER
18:19:05.0384 0280        UserName: Gabi
18:19:05.0384 0280        Windows directory: C:\Windows
18:19:05.0384 0280        System windows directory: C:\Windows
18:19:05.0384 0280        Processor architecture: Intel x86
18:19:05.0384 0280        Number of processors: 2
18:19:05.0384 0280        Page size: 0x1000
18:19:05.0384 0280        Boot type: Normal boot
18:19:05.0384 0280        ============================================================
18:19:07.0011 0280        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:07.0013 0280        ============================================================
18:19:07.0013 0280        \Device\Harddisk0\DR0:
18:19:07.0013 0280        MBR partitions:
18:19:07.0013 0280        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1200800, BlocksNum 0x25FAD800
18:19:07.0013 0280        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x271AE000, BlocksNum 0x131D7800
18:19:07.0013 0280        ============================================================
18:19:07.0086 0280        C: <-> \Device\Harddisk0\DR0\Partition0
18:19:07.0181 0280        D: <-> \Device\Harddisk0\DR0\Partition1
18:19:07.0181 0280        ============================================================
18:19:07.0181 0280        Initialize success
18:19:07.0181 0280        ============================================================
18:19:18.0623 3260        ============================================================
18:19:18.0623 3260        Scan started
18:19:18.0623 3260        Mode: Manual; SigCheck; TDLFS;
18:19:18.0623 3260        ============================================================
18:19:19.0634 3260        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:19:19.0750 3260        !SASCORE - ok
18:19:19.0940 3260        ACEDRV07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\ACEDRV07.sys
18:19:19.0967 3260        ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
18:19:19.0967 3260        ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
18:19:20.0008 3260        ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
18:19:20.0027 3260        ACEDRV09 - ok
18:19:20.0091 3260        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:19:20.0111 3260        ACPI - ok
18:19:20.0227 3260        Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:19:20.0255 3260        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:19:20.0255 3260        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:19:20.0361 3260        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:20.0376 3260        AdobeFlashPlayerUpdateSvc - ok
18:19:20.0440 3260        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:19:20.0463 3260        adp94xx - ok
18:19:20.0513 3260        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:19:20.0530 3260        adpahci - ok
18:19:20.0553 3260        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:19:20.0567 3260        adpu160m - ok
18:19:20.0595 3260        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:19:20.0609 3260        adpu320 - ok
18:19:20.0643 3260        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:19:20.0740 3260        AeLookupSvc - ok
18:19:20.0808 3260        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:19:20.0866 3260        AFD - ok
18:19:20.0897 3260        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:19:20.0910 3260        agp440 - ok
18:19:20.0942 3260        ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
18:19:20.0955 3260        ahcix86s - ok
18:19:20.0974 3260        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:19:20.0986 3260        aic78xx - ok
18:19:21.0018 3260        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:19:21.0138 3260        ALG - ok
18:19:21.0159 3260        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:19:21.0172 3260        aliide - ok
18:19:21.0188 3260        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:19:21.0201 3260        amdagp - ok
18:19:21.0211 3260        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:19:21.0223 3260        amdide - ok
18:19:21.0246 3260        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:19:21.0302 3260        AmdK7 - ok
18:19:21.0325 3260        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:19:21.0370 3260        AmdK8 - ok
18:19:21.0488 3260        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:19:21.0499 3260        AntiVirSchedulerService - ok
18:19:21.0565 3260        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:19:21.0577 3260        AntiVirService - ok
18:19:21.0606 3260        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:19:21.0638 3260        Appinfo - ok
18:19:21.0679 3260        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:19:21.0692 3260        arc - ok
18:19:21.0710 3260        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:19:21.0723 3260        arcsas - ok
18:19:21.0880 3260        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:19:21.0892 3260        aspnet_state - ok
18:19:21.0915 3260        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:21.0973 3260        AsyncMac - ok
18:19:22.0009 3260        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:19:22.0022 3260        atapi - ok
18:19:22.0089 3260        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:19:22.0118 3260        atksgt ( UnsignedFile.Multi.Generic ) - warning
18:19:22.0118 3260        atksgt - detected UnsignedFile.Multi.Generic (1)
18:19:22.0213 3260        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:19:22.0256 3260        AudioEndpointBuilder - ok
18:19:22.0261 3260        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:19:22.0285 3260        Audiosrv - ok
18:19:22.0315 3260        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:22.0325 3260        avgntflt - ok
18:19:22.0380 3260        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:19:22.0392 3260        avipbb - ok
18:19:22.0421 3260        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:19:22.0468 3260        Beep - ok
18:19:22.0534 3260        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:19:22.0595 3260        BFE - ok
18:19:22.0739 3260        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:19:22.0808 3260        BITS - ok
18:19:23.0073 3260        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:19:23.0133 3260        blbdrive - ok
18:19:23.0181 3260        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:19:23.0231 3260        bowser - ok
18:19:23.0259 3260        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:19:23.0298 3260        BrFiltLo - ok
18:19:23.0326 3260        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:19:23.0367 3260        BrFiltUp - ok
18:19:23.0418 3260        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:19:23.0468 3260        Browser - ok
18:19:23.0497 3260        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:19:23.0676 3260        Brserid - ok
18:19:23.0700 3260        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:19:23.0760 3260        BrSerWdm - ok
18:19:23.0789 3260        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:19:23.0868 3260        BrUsbMdm - ok
18:19:23.0873 3260        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:19:23.0920 3260        BrUsbSer - ok
18:19:23.0951 3260        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:19:24.0027 3260        BTHMODEM - ok
18:19:24.0060 3260        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:24.0143 3260        cdfs - ok
18:19:24.0185 3260        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:19:24.0226 3260        cdrom - ok
18:19:24.0243 3260        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:19:24.0283 3260        CertPropSvc - ok
18:19:24.0315 3260        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:19:24.0361 3260        circlass - ok
18:19:24.0402 3260        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:19:24.0418 3260        CLFS - ok
18:19:24.0500 3260        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:24.0512 3260        clr_optimization_v2.0.50727_32 - ok
18:19:24.0604 3260        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:24.0617 3260        clr_optimization_v4.0.30319_32 - ok
18:19:24.0633 3260        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:24.0680 3260        CmBatt - ok
18:19:24.0706 3260        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:19:24.0718 3260        cmdide - ok
18:19:24.0732 3260        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:19:24.0744 3260        Compbatt - ok
18:19:24.0749 3260        COMSysApp - ok
18:19:24.0765 3260        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:19:24.0778 3260        crcdisk - ok
18:19:24.0796 3260        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:19:24.0844 3260        Crusoe - ok
18:19:24.0906 3260        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:19:24.0966 3260        CryptSvc - ok
18:19:25.0058 3260        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:19:25.0127 3260        DcomLaunch - ok
18:19:25.0212 3260        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:19:25.0272 3260        DfsC - ok
18:19:25.0506 3260        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:19:25.0692 3260        DFSR - ok
18:19:25.0814 3260        dgderdrv - ok
18:19:25.0893 3260        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:19:25.0942 3260        Dhcp - ok
18:19:26.0012 3260        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:19:26.0025 3260        disk - ok
18:19:26.0074 3260        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:19:26.0127 3260        Dnscache - ok
18:19:26.0181 3260        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:19:26.0280 3260        dot3svc - ok
18:19:26.0330 3260        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:19:26.0375 3260        DPS - ok
18:19:26.0399 3260        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:19:26.0453 3260        drmkaud - ok
18:19:26.0505 3260        dtsoftbus01    (b672b993207dd5e2f73fcda8c0427b0f) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:19:26.0517 3260        dtsoftbus01 - ok
18:19:26.0616 3260        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:26.0643 3260        DXGKrnl - ok
18:19:26.0670 3260        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:19:26.0713 3260        E1G60 - ok
18:19:26.0752 3260        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:19:26.0797 3260        EapHost - ok
18:19:26.0855 3260        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:19:26.0869 3260        Ecache - ok
18:19:26.0940 3260        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:19:26.0957 3260        ehRecvr - ok
18:19:26.0979 3260        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:19:27.0008 3260        ehSched - ok
18:19:27.0028 3260        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:19:27.0065 3260        ehstart - ok
18:19:27.0148 3260        eLoggerSvc6    (2a2f1fa78751c9932098529ee1edeb1a) C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
18:19:27.0158 3260        eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - warning
18:19:27.0158 3260        eLoggerSvc6 - detected UnsignedFile.Multi.Generic (1)
18:19:27.0216 3260        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:19:27.0236 3260        elxstor - ok
18:19:27.0369 3260        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:19:27.0446 3260        EMDMgmt - ok
18:19:27.0461 3260        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:19:27.0506 3260        ErrDev - ok
18:19:27.0597 3260        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:19:27.0641 3260        EventSystem - ok
18:19:27.0672 3260        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:19:27.0711 3260        exfat - ok
18:19:27.0764 3260        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:19:27.0803 3260        fastfat - ok
18:19:27.0843 3260        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:19:27.0895 3260        fdc - ok
18:19:27.0918 3260        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:19:27.0944 3260        fdPHost - ok
18:19:27.0952 3260        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:19:27.0995 3260        FDResPub - ok
18:19:28.0016 3260        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:19:28.0029 3260        FileInfo - ok
18:19:28.0052 3260        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:19:28.0093 3260        Filetrace - ok
18:19:28.0162 3260        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:28.0224 3260        flpydisk - ok
18:19:28.0336 3260        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:19:28.0351 3260        FltMgr - ok
18:19:28.0469 3260        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:19:28.0519 3260        FontCache - ok
18:19:28.0617 3260        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:19:28.0629 3260        FontCache3.0.0.0 - ok
18:19:28.0717 3260        FSCLBaseUpdaterService (6a4125edbe6d5907d4b1e4514f1f5675) C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
18:19:28.0740 3260        FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - warning
18:19:28.0740 3260        FSCLBaseUpdaterService - detected UnsignedFile.Multi.Generic (1)
18:19:28.0783 3260        FsUsbExDisk    (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
18:19:28.0804 3260        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:19:28.0804 3260        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:19:28.0847 3260        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:28.0892 3260        Fs_Rec - ok
18:19:28.0935 3260        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:19:28.0947 3260        gagp30kx - ok
18:19:29.0007 3260        GbpKm          (738a994af1a7cbd40327986fa3254450) C:\Windows\system32\drivers\gbpkm.sys
18:19:29.0018 3260        GbpKm - ok
18:19:29.0078 3260        GbpSv          (831dcb0d2e1e1e7a7e1d9a22f2cde330) C:\PROGRA~1\GbPlugin\GbpSv.exe
18:19:29.0090 3260        GbpSv - ok
18:19:29.0187 3260        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:19:29.0248 3260        gpsvc - ok
18:19:29.0329 3260        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:19:29.0341 3260        gupdate - ok
18:19:29.0345 3260        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:19:29.0358 3260        gupdatem - ok
18:19:29.0403 3260        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:19:29.0417 3260        gusvc - ok
18:19:29.0455 3260        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:19:29.0465 3260        hamachi - ok
18:19:29.0670 3260        Hamachi2Svc    (f31d7f8a7699575dbb3b3a3ab4aa6216) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:19:29.0757 3260        Hamachi2Svc - ok
18:19:29.0941 3260        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:19:30.0002 3260        HdAudAddService - ok
18:19:30.0081 3260        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:30.0173 3260        HDAudBus - ok
18:19:30.0202 3260        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:19:30.0265 3260        HidBth - ok
18:19:30.0293 3260        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:19:30.0356 3260        HidIr - ok
18:19:30.0441 3260        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:19:30.0471 3260        hidserv - ok
18:19:30.0505 3260        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:19:30.0548 3260        HidUsb - ok
18:19:30.0590 3260        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:19:30.0634 3260        hkmsvc - ok
18:19:30.0679 3260        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:19:30.0693 3260        HpCISSs - ok
18:19:30.0763 3260        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:19:30.0834 3260        HTTP - ok
18:19:30.0849 3260        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:19:30.0862 3260        i2omp - ok
18:19:30.0875 3260        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:30.0920 3260        i8042prt - ok
18:19:30.0977 3260        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
18:19:30.0991 3260        iaStor - ok
18:19:31.0023 3260        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:19:31.0039 3260        iaStorV - ok
18:19:31.0175 3260        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:19:31.0180 3260        IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:19:31.0180 3260        IDriverT - detected UnsignedFile.Multi.Generic (1)
18:19:31.0351 3260        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:19:31.0441 3260        idsvc - ok
18:19:31.0728 3260        igfx            (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:19:31.0813 3260        igfx - ok
18:19:31.0950 3260        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:19:31.0962 3260        iirsp - ok
18:19:32.0044 3260        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:19:32.0107 3260        IKEEXT - ok
18:19:32.0352 3260        IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
18:19:32.0437 3260        IntcAzAudAddService - ok
18:19:32.0602 3260        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:19:32.0615 3260        intelide - ok
18:19:32.0628 3260        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:32.0669 3260        intelppm - ok
18:19:32.0711 3260        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:19:32.0757 3260        IPBusEnum - ok
18:19:32.0781 3260        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:32.0828 3260        IpFilterDriver - ok
18:19:32.0889 3260        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:19:32.0940 3260        iphlpsvc - ok
18:19:32.0944 3260        IpInIp - ok
18:19:32.0968 3260        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:19:33.0017 3260        IPMIDRV - ok
18:19:33.0047 3260        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:19:33.0072 3260        IPNAT - ok
18:19:33.0089 3260        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:19:33.0115 3260        IRENUM - ok
18:19:33.0137 3260        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:19:33.0149 3260        isapnp - ok
18:19:33.0219 3260        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:19:33.0235 3260        iScsiPrt - ok
18:19:33.0250 3260        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:19:33.0262 3260        iteatapi - ok
18:19:33.0272 3260        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:19:33.0284 3260        iteraid - ok
18:19:33.0322 3260        JRAID          (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
18:19:33.0438 3260        JRAID - ok
18:19:33.0466 3260        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:33.0480 3260        kbdclass - ok
18:19:33.0493 3260        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:19:33.0536 3260        kbdhid - ok
18:19:33.0590 3260        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:33.0635 3260        KeyIso - ok
18:19:33.0717 3260        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:19:33.0738 3260        KSecDD - ok
18:19:33.0803 3260        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:19:33.0871 3260        KtmRm - ok
18:19:33.0918 3260        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:19:33.0960 3260        LanmanServer - ok
18:19:34.0018 3260        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:19:34.0057 3260        LanmanWorkstation - ok
18:19:34.0098 3260        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:19:34.0124 3260        lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:19:34.0124 3260        lirsgt - detected UnsignedFile.Multi.Generic (1)
18:19:34.0163 3260        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:34.0206 3260        lltdio - ok
18:19:34.0261 3260        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:19:34.0307 3260        lltdsvc - ok
18:19:34.0337 3260        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:19:34.0380 3260        lmhosts - ok
18:19:34.0414 3260        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:19:34.0427 3260        LSI_FC - ok
18:19:34.0450 3260        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:19:34.0465 3260        LSI_SAS - ok
18:19:34.0482 3260        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:19:34.0496 3260        LSI_SCSI - ok
18:19:34.0512 3260        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:19:34.0555 3260        luafv - ok
18:19:34.0587 3260        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:19:34.0625 3260        Mcx2Svc - ok
18:19:34.0646 3260        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:19:34.0661 3260        megasas - ok
18:19:34.0712 3260        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:19:34.0734 3260        MegaSR - ok
18:19:34.0770 3260        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:19:34.0817 3260        MMCSS - ok
18:19:34.0849 3260        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:19:34.0895 3260        Modem - ok
18:19:34.0925 3260        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:19:34.0950 3260        monitor - ok
18:19:34.0969 3260        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:19:34.0982 3260        mouclass - ok
18:19:34.0996 3260        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:35.0046 3260        mouhid - ok
18:19:35.0071 3260        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:19:35.0084 3260        MountMgr - ok
18:19:35.0112 3260        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:19:35.0125 3260        mpio - ok
18:19:35.0150 3260        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:19:35.0195 3260        mpsdrv - ok
18:19:35.0271 3260        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:19:35.0336 3260        MpsSvc - ok
18:19:35.0368 3260        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:19:35.0379 3260        Mraid35x - ok
18:19:35.0415 3260        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:19:35.0442 3260        MRxDAV - ok
18:19:35.0485 3260        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:35.0550 3260        mrxsmb - ok
18:19:35.0606 3260        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:35.0646 3260        mrxsmb10 - ok
18:19:35.0678 3260        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:35.0724 3260        mrxsmb20 - ok
18:19:35.0765 3260        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:19:35.0779 3260        msahci - ok
18:19:35.0822 3260        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:19:35.0835 3260        msdsm - ok
18:19:35.0873 3260        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:19:35.0923 3260        MSDTC - ok
18:19:35.0937 3260        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:19:35.0969 3260        Msfs - ok
18:19:36.0000 3260        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:19:36.0011 3260        msisadrv - ok
18:19:36.0048 3260        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:19:36.0102 3260        MSiSCSI - ok
18:19:36.0106 3260        msiserver - ok
18:19:36.0126 3260        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:19:36.0173 3260        MSKSSRV - ok
18:19:36.0178 3260        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:36.0215 3260        MSPCLOCK - ok
18:19:36.0220 3260        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:19:36.0246 3260        MSPQM - ok
18:19:36.0297 3260        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:19:36.0333 3260        MsRPC - ok
18:19:36.0358 3260        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:36.0370 3260        mssmbios - ok
18:19:36.0375 3260        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:19:36.0403 3260        MSTEE - ok
18:19:36.0420 3260        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:19:36.0435 3260        Mup - ok
18:19:36.0506 3260        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:19:36.0554 3260        napagent - ok
18:19:36.0603 3260        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:19:36.0618 3260        NativeWifiP - ok
18:19:36.0715 3260        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:19:36.0737 3260        NDIS - ok
18:19:36.0771 3260        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:36.0808 3260        NdisTapi - ok
18:19:36.0830 3260        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:36.0856 3260        Ndisuio - ok
18:19:36.0877 3260        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:36.0915 3260        NdisWan - ok
18:19:36.0939 3260        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:19:36.0959 3260        NDProxy - ok
18:19:37.0140 3260        Nero BackItUp Scheduler 3 (b044bb341e164da6750a9b8e6a5ff6a1) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:19:37.0192 3260        Nero BackItUp Scheduler 3 - ok
18:19:37.0213 3260        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:19:37.0253 3260        NetBIOS - ok
18:19:37.0307 3260        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:19:37.0347 3260        netbt - ok
18:19:37.0412 3260        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:37.0427 3260        Netlogon - ok
18:19:37.0493 3260        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:19:37.0539 3260        Netman - ok
18:19:37.0653 3260        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0666 3260        NetMsmqActivator - ok
18:19:37.0670 3260        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0687 3260        NetPipeActivator - ok
18:19:37.0740 3260        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:19:37.0783 3260        netprofm - ok
18:19:37.0787 3260        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0800 3260        NetTcpActivator - ok
18:19:37.0807 3260        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:19:37.0820 3260        NetTcpPortSharing - ok
18:19:37.0857 3260        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:19:37.0869 3260        nfrd960 - ok
18:19:37.0894 3260        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:19:37.0928 3260        NlaSvc - ok
18:19:38.0065 3260        NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:19:38.0087 3260        NMIndexingService - ok
18:19:38.0167 3260        Norman ZANDA    (d59585f50e86160408db33ba3096d405) C:\Program Files\Norman\Npm\Bin\Zanda.exe
18:19:38.0207 3260        Norman ZANDA ( UnsignedFile.Multi.Generic ) - warning
18:19:38.0208 3260        Norman ZANDA - detected UnsignedFile.Multi.Generic (1)
18:19:38.0242 3260        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:19:38.0281 3260        Npfs - ok
18:19:38.0429 3260        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:19:38.0479 3260        nsi - ok
18:19:38.0547 3260        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:19:38.0591 3260        nsiproxy - ok
18:19:38.0738 3260        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:19:38.0802 3260        Ntfs - ok
18:19:38.0822 3260        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:19:38.0865 3260        ntrigdigi - ok
18:19:38.0875 3260        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:19:38.0925 3260        Null - ok
18:19:39.0011 3260        NVOY            (1e60fbb015999c1929e46847a3448e24) C:\Program Files\Norman\npm\bin\nvoy.exe
18:19:39.0019 3260        NVOY ( UnsignedFile.Multi.Generic ) - warning
18:19:39.0019 3260        NVOY - detected UnsignedFile.Multi.Generic (1)
18:19:39.0056 3260        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:19:39.0070 3260        nvraid - ok
18:19:39.0090 3260        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:19:39.0102 3260        nvstor - ok
18:19:39.0125 3260        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:19:39.0139 3260        nv_agp - ok
18:19:39.0143 3260        NwlnkFlt - ok
18:19:39.0153 3260        NwlnkFwd - ok
18:19:39.0256 3260        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:39.0277 3260        odserv - ok
18:19:39.0317 3260        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:19:39.0358 3260        ohci1394 - ok
18:19:39.0418 3260        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:39.0442 3260        ose - ok
18:19:39.0547 3260        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:39.0608 3260        p2pimsvc - ok
18:19:39.0618 3260        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:39.0665 3260        p2psvc - ok
18:19:39.0710 3260        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:19:39.0752 3260        Parport - ok
18:19:39.0814 3260        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:19:39.0827 3260        partmgr - ok
18:19:39.0851 3260        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:19:39.0912 3260        Parvdm - ok
18:19:39.0955 3260        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:19:39.0995 3260        PcaSvc - ok
18:19:40.0000 3260        pccsmcfd - ok
18:19:40.0061 3260        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:19:40.0076 3260        pci - ok
18:19:40.0085 3260        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:19:40.0098 3260        pciide - ok
18:19:40.0122 3260        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:19:40.0136 3260        pcmcia - ok
18:19:40.0251 3260        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:19:40.0339 3260        PEAUTH - ok
18:19:40.0520 3260        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:19:40.0627 3260        pla - ok
18:19:40.0771 3260        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
18:19:40.0792 3260        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:19:40.0792 3260        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:19:40.0846 3260        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:19:40.0894 3260        PlugPlay - ok
18:19:40.0973 3260        PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
18:19:40.0985 3260        PnkBstrA - ok
18:19:41.0102 3260        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:41.0127 3260        PNRPAutoReg - ok
18:19:41.0136 3260        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:19:41.0162 3260        PNRPsvc - ok
18:19:41.0237 3260        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:19:41.0294 3260        PolicyAgent - ok
18:19:41.0373 3260        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:41.0418 3260        PptpMiniport - ok
18:19:41.0447 3260        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:19:41.0494 3260        Processor - ok
18:19:41.0544 3260        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:19:41.0567 3260        ProfSvc - ok
18:19:41.0612 3260        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:41.0626 3260        ProtectedStorage - ok
18:19:41.0673 3260        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:19:41.0694 3260        PSched - ok
18:19:41.0725 3260        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:19:41.0735 3260        PxHelp20 - ok
18:19:41.0858 3260        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:19:41.0943 3260        ql2300 - ok
18:19:41.0976 3260        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:19:41.0990 3260        ql40xx - ok
18:19:42.0039 3260        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:19:42.0077 3260        QWAVE - ok
18:19:42.0116 3260        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:19:42.0130 3260        QWAVEdrv - ok
18:19:42.0148 3260        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:42.0198 3260        RasAcd - ok
18:19:42.0237 3260        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:19:42.0284 3260        RasAuto - ok
18:19:42.0316 3260        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:42.0356 3260        Rasl2tp - ok
18:19:42.0415 3260        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:19:42.0459 3260        RasMan - ok
18:19:42.0492 3260        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:42.0528 3260        RasPppoe - ok
18:19:42.0559 3260        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:42.0575 3260        RasSstp - ok
18:19:42.0641 3260        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:42.0684 3260        rdbss - ok
18:19:42.0720 3260        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:42.0761 3260        RDPCDD - ok
18:19:42.0807 3260        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:19:42.0834 3260        rdpdr - ok
18:19:42.0840 3260        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:19:42.0866 3260        RDPENCDD - ok
18:19:42.0915 3260        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:19:42.0950 3260        RDPWD - ok
18:19:42.0993 3260        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:19:43.0019 3260        RemoteAccess - ok
18:19:43.0068 3260        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:19:43.0090 3260        RemoteRegistry - ok
18:19:43.0114 3260        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:19:43.0149 3260        RpcLocator - ok
18:19:43.0235 3260        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:19:43.0264 3260        RpcSs - ok
18:19:43.0307 3260        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:43.0355 3260        rspndr - ok
18:19:43.0406 3260        RTL8169        (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:19:43.0483 3260        RTL8169 - ok
18:19:43.0530 3260        RTL8187B        (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:19:43.0573 3260        RTL8187B - ok
18:19:43.0709 3260        RTSTOR          (5717e47c952382e7166448517f030787) C:\Windows\system32\drivers\RTSTOR.SYS
18:19:43.0785 3260        RTSTOR - ok
18:19:43.0823 3260        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:19:43.0837 3260        SamSs - ok
18:19:43.0914 3260        SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:19:43.0924 3260        SASDIFSV - ok
18:19:43.0947 3260        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:19:43.0958 3260        SASKUTIL - ok
18:19:43.0982 3260        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:19:43.0994 3260        sbp2port - ok
18:19:44.0055 3260        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:19:44.0077 3260        SCardSvr - ok
18:19:44.0170 3260        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:19:44.0238 3260        Schedule - ok
18:19:44.0285 3260        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:19:44.0305 3260        SCPolicySvc - ok
18:19:44.0336 3260        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:19:44.0376 3260        SDRSVC - ok
18:19:44.0414 3260        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:19:44.0482 3260        secdrv - ok
18:19:44.0537 3260        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:19:44.0565 3260        seclogon - ok
18:19:44.0584 3260        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:19:44.0629 3260        SENS - ok
18:19:44.0659 3260        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:19:44.0701 3260        Serenum - ok
18:19:44.0724 3260        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:19:44.0782 3260        Serial - ok
18:19:44.0811 3260        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:19:44.0836 3260        sermouse - ok
18:19:44.0865 3260        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:19:44.0893 3260        SessionEnv - ok
18:19:44.0911 3260        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:19:44.0931 3260        sffdisk - ok
18:19:44.0943 3260        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:44.0991 3260        sffp_mmc - ok
18:19:44.0997 3260        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:19:45.0029 3260        sffp_sd - ok
18:19:45.0036 3260        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:19:45.0090 3260        sfloppy - ok
18:19:45.0174 3260        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:19:45.0225 3260        SharedAccess - ok
18:19:45.0311 3260        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:19:45.0329 3260        ShellHWDetection - ok
18:19:45.0343 3260        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:19:45.0357 3260        sisagp - ok
18:19:45.0379 3260        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:19:45.0392 3260        SiSRaid2 - ok
18:19:45.0417 3260        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:19:45.0431 3260        SiSRaid4 - ok
18:19:45.0797 3260        Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:19:45.0958 3260        Skype C2C Service - ok
18:19:46.0066 3260        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
18:19:46.0077 3260        SkypeUpdate - ok
18:19:46.0567 3260        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:19:46.0777 3260        slsvc - ok
18:19:46.0934 3260        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:19:46.0973 3260        SLUINotify - ok
18:19:47.0024 3260        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:19:47.0063 3260        Smb - ok
18:19:47.0106 3260        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:19:47.0121 3260        SNMPTRAP - ok
18:19:47.0144 3260        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:19:47.0158 3260        spldr - ok
18:19:47.0208 3260        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:19:47.0240 3260        Spooler - ok
18:19:47.0309 3260        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:19:47.0335 3260        srv - ok
18:19:47.0393 3260        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:19:47.0446 3260        srv2 - ok
18:19:47.0501 3260        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:47.0537 3260        srvnet - ok
18:19:47.0583 3260        sscebus        (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
18:19:47.0609 3260        sscebus - ok
18:19:47.0619 3260        sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
18:19:47.0629 3260        sscemdfl - ok
18:19:47.0659 3260        sscemdm        (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
18:19:47.0680 3260        sscemdm - ok
18:19:47.0742 3260        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:19:47.0799 3260        SSDPSRV - ok
18:19:47.0838 3260        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:19:47.0847 3260        ssmdrv - ok
18:19:47.0876 3260        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:19:47.0892 3260        SstpSvc - ok
18:19:47.0948 3260        Steam Client Service - ok
18:19:48.0025 3260        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:19:48.0088 3260        stisvc - ok
18:19:48.0121 3260        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:19:48.0134 3260        swenum - ok
18:19:48.0206 3260        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:19:48.0257 3260        swprv - ok
18:19:48.0296 3260        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:19:48.0308 3260        Symc8xx - ok
18:19:48.0330 3260        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:19:48.0342 3260        Sym_hi - ok
18:19:48.0358 3260        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:19:48.0370 3260        Sym_u3 - ok
18:19:48.0438 3260        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:19:48.0501 3260        SysMain - ok
18:19:48.0539 3260        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:19:48.0557 3260        TabletInputService - ok
18:19:48.0622 3260        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:19:48.0668 3260        TapiSrv - ok
18:19:48.0697 3260        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:19:48.0748 3260        TBS - ok
18:19:48.0925 3260        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:19:48.0976 3260        Tcpip - ok
18:19:48.0991 3260        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:49.0116 3260        Tcpip6 - ok
18:19:49.0174 3260        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:19:49.0188 3260        tcpipreg - ok
18:19:49.0226 3260        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:19:49.0266 3260        TDPIPE - ok
18:19:49.0302 3260        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:19:49.0327 3260        TDTCP - ok
18:19:49.0358 3260        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:19:49.0391 3260        tdx - ok
18:19:49.0782 3260        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
18:19:49.0927 3260        TeamViewer7 - ok
18:19:50.0130 3260        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:19:50.0144 3260        TermDD - ok
18:19:50.0231 3260        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:19:50.0301 3260        TermService - ok
18:19:50.0436 3260        TestHandler    (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
18:19:50.0461 3260        TestHandler ( UnsignedFile.Multi.Generic ) - warning
18:19:50.0461 3260        TestHandler - detected UnsignedFile.Multi.Generic (1)
18:19:50.0521 3260        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:19:50.0539 3260        Themes - ok
18:19:50.0569 3260        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:19:50.0595 3260        THREADORDER - ok
18:19:50.0624 3260        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:19:50.0653 3260        TrkWks - ok
18:19:50.0721 3260        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:19:50.0742 3260        TrustedInstaller - ok
18:19:50.0779 3260        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:50.0821 3260        tssecsrv - ok
18:19:50.0846 3260        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:19:50.0877 3260        tunmp - ok
18:19:50.0914 3260        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:50.0928 3260        tunnel - ok
18:19:50.0953 3260        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:19:50.0967 3260        uagp35 - ok
18:19:51.0029 3260        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:19:51.0065 3260        udfs - ok
18:19:51.0110 3260        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:19:51.0164 3260        UI0Detect - ok
18:19:51.0196 3260        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:19:51.0209 3260        uliagpkx - ok
18:19:51.0244 3260        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:19:51.0269 3260        uliahci - ok
18:19:51.0297 3260        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:19:51.0309 3260        UlSata - ok
18:19:51.0336 3260        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:19:51.0361 3260        ulsata2 - ok
18:19:51.0383 3260        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:19:51.0430 3260        umbus - ok
18:19:51.0483 3260        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:19:51.0532 3260        upnphost - ok
18:19:51.0554 3260        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:51.0589 3260        usbccgp - ok
18:19:51.0615 3260        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:19:51.0659 3260        usbcir - ok
18:19:51.0701 3260        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:51.0721 3260        usbehci - ok
18:19:51.0785 3260        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:51.0831 3260        usbhub - ok
18:19:51.0853 3260        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:19:51.0896 3260        usbohci - ok
18:19:51.0934 3260        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:19:51.0977 3260        usbprint - ok
18:19:52.0006 3260        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:52.0044 3260        USBSTOR - ok
18:19:52.0071 3260        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:52.0092 3260        usbuhci - ok
18:19:52.0129 3260        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:19:52.0173 3260        usbvideo - ok
18:19:52.0208 3260        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:19:52.0254 3260        UxSms - ok
18:19:52.0326 3260        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:19:52.0392 3260        vds - ok
18:19:52.0418 3260        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:52.0459 3260        vga - ok
18:19:52.0484 3260        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:19:52.0527 3260        VgaSave - ok
18:19:52.0566 3260        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:19:52.0580 3260        viaagp - ok
18:19:52.0596 3260        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:19:52.0621 3260        ViaC7 - ok
18:19:52.0635 3260        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:19:52.0649 3260        viaide - ok
18:19:52.0675 3260        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:19:52.0688 3260        volmgr - ok
18:19:52.0757 3260        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:19:52.0774 3260        volmgrx - ok
18:19:52.0834 3260        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:19:52.0850 3260        volsnap - ok
18:19:52.0878 3260        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:19:52.0903 3260        vsmraid - ok
18:19:53.0057 3260        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:19:53.0164 3260        VSS - ok
18:19:53.0249 3260        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:19:53.0276 3260        W32Time - ok
18:19:53.0323 3260        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:19:53.0365 3260        WacomPen - ok
18:19:53.0380 3260        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0426 3260        Wanarp - ok
18:19:53.0430 3260        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0453 3260        Wanarpv6 - ok
18:19:53.0529 3260        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:19:53.0553 3260        wcncsvc - ok
18:19:53.0586 3260        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:19:53.0610 3260        WcsPlugInService - ok
18:19:53.0617 3260        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:19:53.0630 3260        Wd - ok
18:19:53.0694 3260        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:19:53.0730 3260        Wdf01000 - ok
18:19:53.0789 3260        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0855 3260        WdiServiceHost - ok
18:19:53.0859 3260        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0888 3260        WdiSystemHost - ok
18:19:53.0997 3260        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:19:54.0044 3260        WebClient - ok
18:19:54.0097 3260        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:19:54.0137 3260        Wecsvc - ok
18:19:54.0170 3260        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:19:54.0215 3260        wercplsupport - ok
18:19:54.0306 3260        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:19:54.0329 3260        WerSvc - ok
18:19:54.0403 3260        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:19:54.0420 3260        WinDefend - ok
18:19:54.0437 3260        WinHttpAutoProxySvc - ok
18:19:54.0524 3260        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:19:54.0545 3260        Winmgmt - ok
18:19:54.0701 3260        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:19:54.0798 3260        WinRM - ok
18:19:54.0901 3260        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:19:54.0926 3260        Wlansvc - ok
18:19:55.0186 3260        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:55.0261 3260        wlidsvc - ok
18:19:55.0408 3260        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:19:55.0450 3260        WmiAcpi - ok
18:19:55.0547 3260        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:55.0581 3260        wmiApSrv - ok
18:19:55.0747 3260        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:19:55.0788 3260        WMPNetworkSvc - ok
18:19:55.0850 3260        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:19:55.0879 3260        WPCSvc - ok
18:19:55.0925 3260        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:19:55.0964 3260        WPDBusEnum - ok
18:19:56.0036 3260        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:19:56.0075 3260        WpdUsb - ok
18:19:56.0280 3260        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:19:56.0311 3260        WPFFontCache_v0400 - ok
18:19:56.0338 3260        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:56.0386 3260        ws2ifsl - ok
18:19:56.0439 3260        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:19:56.0481 3260        wscsvc - ok
18:19:56.0489 3260        WSearch - ok
18:19:56.0710 3260        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:19:56.0803 3260        wuauserv - ok
18:19:56.0934 3260        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:56.0959 3260        WUDFRd - ok
18:19:56.0989 3260        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:19:57.0029 3260        wudfsvc - ok
18:19:57.0063 3260        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:19:57.0566 3260        \Device\Harddisk0\DR0 - ok
18:19:57.0570 3260        Boot (0x1200)  (99facc3fea4ad7366d9755f936ef2d3b) \Device\Harddisk0\DR0\Partition0
18:19:57.0574 3260        \Device\Harddisk0\DR0\Partition0 - ok
18:19:57.0596 3260        Boot (0x1200)  (67abae8f8fb273417c4436ab0248a925) \Device\Harddisk0\DR0\Partition1
18:19:57.0598 3260        \Device\Harddisk0\DR0\Partition1 - ok
18:19:57.0598 3260        ============================================================
18:19:57.0598 3260        Scan finished
18:19:57.0598 3260        ============================================================
18:19:57.0612 4072        Detected object count: 12
18:19:57.0612 4072        Actual detected object count: 12
18:20:09.0454 4072        ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0454 4072        ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0459 4072        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0459 4072        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0461 4072        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0461 4072        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0464 4072        eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0464 4072        eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0466 4072        FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0466 4072        FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0469 4072        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0469 4072        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0472 4072        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0472 4072        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0475 4072        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0475 4072        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0478 4072        Norman ZANDA ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0478 4072        Norman ZANDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0481 4072        NVOY ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0481 4072        NVOY ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0484 4072        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0484 4072        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0486 4072        TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0486 4072        TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip


Oh yes, the quick scan from MBAM is still missing; here it is:

HTML code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

03.08.2012 18:24:31
mbam-log-2012-08-03 (18-29-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166038
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)


Chris4You 03.08.2012 20:48

Hi,

a new variant (or leftovers); nobody detects it except GMER:
Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]

This is getting interesting...

OSAM
Checks the programs/drivers that get started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Boot the computer into safe mode (F8 while booting).

Caution: In a few rare cases the computer may no longer be able to boot and has to be reinstalled from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with ComboFix can take some time, so be patient. Please do not do anything on the computer during the scan.
It is possible that the computer will be restarted in between.
After the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

Also create and post a new OTL log...

chris

TimTobi 04.08.2012 14:24

So, first the OSAM text file:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:57:43 on 03.08.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"DriverEasy Scheduled Scan.job" - "Easeware" - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Gbp KernelMode" (GbpKm) - "GAS Tecnologia" - C:\Windows\System32\drivers\gbpkm.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{98C11555-BC81-40aa-A053-DAADC5630000} "GbExplorerPersistObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C41A1C0E-EA6C-11D4-B1B8-444553540000} "GbIehObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Gbp Service" (GbpSv) - " " - C:\PROGRA~1\GbPlugin\GbpSv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Program Files\Norman\Npm\Bin\Zanda.exe
"Norman's Very Own supplY of resources" (NVOY) - "Norman ASA" - C:\Program Files\Norman\npm\bin\nvoy.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
" GbPluginBb" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===


This is the ComboFix scan

ComboFix logfile:
Code:

ComboFix 12-08-04.02 - Gabi 04.08.2012  14:59:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2936.1789 [GMT 0:00]
Running from: c:\users\TimTobias\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PermissionResearch
c:\program files\PermissionResearch\prls.dll
c:\program files\PermissionResearch\prls64.dll
c:\program files\PermissionResearch\prmrsr64.exe
c:\program files\PermissionResearch\prservice.exe
c:\users\Gabi\AppData\Roaming\Uninstal.exe
c:\users\Juergen\AppData\Roaming\kikin
c:\users\Juergen\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_settings.xml
c:\users\Juergen\AppData\Roaming\Uninstal.exe
c:\users\TimTobias\AppData\Roaming\kikin
c:\users\TimTobias\AppData\Roaming\kikin\ie_configuration.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_kkes.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_settings.xml
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Files Created from 2012-07-04 to 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-08-04 14:55 . 2012-08-04 14:55        12568        ----a-w-        c:\windows\system32\drivers\PROCEXP113.SYS
2012-08-04 01:57 . 2012-08-04 01:57        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\offreg.dll
2012-08-03 09:34 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\mpengine.dll
2012-08-02 12:59 . 2012-08-02 12:59        --------        d-----w-        c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 21:41 . 2012-07-28 21:41        --------        d-----w-        c:\program files\THQ
2012-07-22 19:20 . 2012-08-03 18:38        --------        d-----w-        c:\program files\Steam
2012-07-18 23:48 . 2012-07-18 23:48        270240        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-07-18 23:47 . 2012-07-18 23:47        --------        d-----w-        c:\users\Gabi\AppData\Local\PunkBuster
2012-07-18 22:53 . 2012-07-18 23:48        139080        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 22:53 . 2012-07-18 22:53        138056        ----a-w-        c:\users\Gabi\AppData\Roaming\PnkBstrK.sys
2012-07-18 22:52 . 2012-07-18 23:48        270240        ----a-w-        c:\windows\system32\PnkBstrB.exe
2012-07-18 22:52 . 2012-07-18 22:52        189248        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-07-18 22:52 . 2012-07-18 22:52        75136        ----a-w-        c:\windows\system32\PnkBstrA.exe
2012-07-18 22:03 . 2012-07-18 22:03        --------        d-----w-        c:\program files\EA Games
2012-07-12 09:38 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 19:09 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:09 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 19:09 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 19:08 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:08 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 19:08 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-10 20:16 . 2012-07-10 20:16        --------        d-----w-        c:\program files\LogMeIn Hamachi
2012-07-08 23:47 . 2012-07-12 23:59        --------        d-----w-        c:\users\TimTobias\riotsGamesLogs
2012-07-05 18:45 . 2012-07-05 18:45        5030088        ----a-w-        c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 16:56 . 2012-06-06 16:56        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-06 16:56 . 2010-12-28 19:41        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-24 13:00        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 13:00        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 12:59        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 12:59        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 13:00        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 13:00        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 12:59        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 15:19 . 2012-06-24 12:59        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 15:12 . 2012-06-24 12:59        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 12:25 . 2010-09-12 01:05        237072        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 09:01        1313864        ----a-w-        c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 22:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25        268096        ----a-w-        c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59        170520        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 12:29        1996200        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2007-12-17 12:37        273520        ----a-w-        c:\program files\Norman\Npm\Bin\Zlh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-07-02 17:41        3093624        ----a-w-        c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00        145944        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23        443968        ----a-w-        c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-16 17:01        6253088        ----a-w-        c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 08:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Contents of the "Scheduled Tasks" folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01]
.
2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphaned Registry Entries Removed - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
MSConfigStartUp-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\Gabi\AppData\Roaming\Uninstal.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-04 15:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*]
"datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8,
  5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\
"rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(228)
c:\windows\system32\n
.
Completion time: 2012-08-04  15:09:54
ComboFix-quarantined-files.txt  2012-08-04 15:09
.
Pre-run: 6,341,738,496 bytes free
Post-run: 22 directory(ies), 65,036,894,208 bytes free
.
- - End Of File - - 693E43DDE12049DBEE14C875B5C24821

--- --- ---


By the way, Antivir hasn't reported anything about ATRAPS.gen for quite a while.

Regards, Tim

Sorry for the double post, but the "ATRAPS.gen" and "ATRAPS.gen2" Trojans are still being found, and on top of that a message now keeps popping up saying "Host Process for Windows Services has stopped working".

Chris4You 04.08.2012 18:32

Hi,

once more the question: home banking software, do you have any of that on the machine?
I'd like to remove the "Banco do Brasil" driver...

ComboFix doesn't find the rootkit either; one more try with Hitman...
What exactly does the Avira message say?

Hitman
Download the appropriate version of Hitman (32/64-bit), run it and post the log.
NOTE: the firewall must be open for Hitman (be sure to allow access!)
Downloads - SurfRight
For the removal, a temporary licence (30 days) can be ordered (there is a tab for that ;o)... . After the 30 days uninstall it; after that it no longer removes anything (unless you buy a licence)...

chris

TimTobi 04.08.2012 19:31

It can be deleted; a friend of mine must have installed it back then when using that bank.

And I ran HitmanPro, but didn't get a log. :/

It put ComboFix.exe into quarantine, and it removed a file under AppData\Local\"...." named N.

But I'm still getting the messages from Avira. :/

Chris4You 05.08.2012 19:39

Hi,

post the (exact) message from Avira.
The file Hitman found should be this one:
c:\windows\system32\n

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Combofix neu runterlanden [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url und wie folgt vorgehen:

ComboFix-Script
Die nachfolgenden Zeilen (ohne Zitat!) abkopieren und in den Windows-Editor(start->Programme->zubehör->edior)
kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!).
Code:


Folder::
c:\windows\system32\n

Danach die CFScript.txt mit der Mause anklicken und gedrückt halten und über dem ComboFix-Symbol fallen lassen
(Maustaste loslassen, nennt man "Drag-and-Drop";o).
Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log!

chris
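An added check for the log that comes back from the OTL fix above (example code written for this edit, not part of the thread or of OTL itself): it parses the result lines OTL writes, treats the post-reboot section as the authoritative status, and lists every target that is still reported as not removed. The sample log is constructed after the lines quoted in this thread; the "moved successfully" and "not found" line shapes are assumed from OTL's usual wording rather than taken from this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the OTL fix-result lines quoted in this thread
# (not the poster's actual log). Backslashes are doubled for the Python literal.
SAMPLE_LOG = """All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\\ deleted successfully.
File move failed. C:\\Programme\\GbPlugin\\gbieh.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\\ .
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 1.445,00 mb

Files\\Folders moved on Reboot...
File move failed. C:\\Programme\\GbPlugin\\gbieh.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""


@dataclass
class FixResult:
    phase: str    # "fix" (first pass) or "reboot" (post-reboot pass)
    kind: str     # "registry" or "file"
    target: str   # registry path or file path, trailing backslash stripped
    ok: bool      # True if OTL reported the item as removed


# Line shapes as they appear in the quoted log. The last two ("moved successfully",
# "not found") are assumed from OTL's usual phrasing and do not occur in this thread.
PATTERNS = [
    (re.compile(r"^Registry (?:key|value) (.+?) deleted successfully\.$"), "registry", True),
    (re.compile(r"^Unable to delete registry (?:key|value) (.+?) ?\.$"), "registry", False),
    (re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$"), "file", False),
    (re.compile(r"^(.+?)(?: folder)? moved successfully\.$"), "file", True),
    (re.compile(r"^(?:File|Folder) (.+?) not found\.$"), "file", True),  # absent = nothing left
]

REBOOT_HEADERS = ("Files\\Folders moved on Reboot", "Registry entries deleted on Reboot")


def parse_otl_fix_log(text: str) -> List[FixResult]:
    """Turn the free-text OTL fix log into one FixResult per reported item."""
    results: List[FixResult] = []
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        # OTL appends a second section after the reboot; everything below it
        # describes the retry of items that could not be handled the first time.
        if line.startswith(REBOOT_HEADERS):
            phase = "reboot"
            continue
        for pattern, kind, ok in PATTERNS:
            match = pattern.match(line)
            if match:
                target = match.group(1).strip().rstrip("\\")
                results.append(FixResult(phase, kind, target, ok))
                break
    return results


def unresolved(results: List[FixResult]) -> List[str]:
    """Targets whose last reported status is a failure.

    A later line for the same target (typically from the reboot pass) supersedes
    an earlier one, so a file that failed before the reboot but moved afterwards
    is not reported.
    """
    final: Dict[str, bool] = {}
    for result in results:
        final[result.target] = result.ok
    return [target for target, ok in final.items() if not ok]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for item in parsed:
        print(f"[{item.phase}] {item.kind:8} {'ok  ' if item.ok else 'FAIL'} {item.target}")
    leftovers = unresolved(parsed)
    print(f"\n{len(leftovers)} item(s) still not removed:")
    for target in leftovers:
        print("  -", target)
```

If a DLL keeps coming back as "scheduled to be moved on reboot" while a running service or Winlogon notify entry still loads it, as with gbieh.dll here, the file itself is a good candidate to stop the loading process first rather than re-running the same fix.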

TimTobi 20.08.2012 07:39

So here I am again. Sorry it took so long; I probably should have said that I was going on holiday.

I have not had any alert for quite a long time now.
But first, here are the logs:


OTL
HTML-Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ deleted successfully.
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\ .
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
 
User: Gabi
->Temp folder emptied: 26192765 bytes
->Temporary Internet Files folder emptied: 9831521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 343 bytes
 
User: Juergen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TimTobias
->Temp folder emptied: 5063808 bytes
->Temporary Internet Files folder emptied: 38511378 bytes
->Java cache emptied: 2450390 bytes
->FireFox cache emptied: 120115216 bytes
->Flash cache emptied: 84165 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1310728193 bytes
RecycleBin emptied: 2064248 bytes
 
Total Files Cleaned = 1.445,00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 08202012_005649

Files\Folders moved on Reboot...
File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ComboFix
Combofix Logfile:
Code:

ComboFix 12-08-18.03 - Gabi 20.08.2012  1:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2936.1887 [GMT 0:00]
ausgeführt von:: c:\users\TimTobias\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\TimTobias\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-20 bis 2012-08-20  ))))))))))))))))))))))))))))))
.
.
2012-08-20 01:36 . 2012-08-20 01:37        --------        d-----w-        c:\users\Gabi\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36        --------        d-----w-        c:\users\TimTobias\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36        --------        d-----w-        c:\users\Juergen\AppData\Local\temp
2012-08-20 01:36 . 2012-08-20 01:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-18 15:02 . 2012-08-18 15:02        --------        d-----w-        c:\users\TimTobias\AppData\Roaming\MAGIX
2012-08-18 15:01 . 2012-08-18 15:01        --------        d-----w-        c:\users\Gabi\AppData\Roaming\MAGIX
2012-08-18 14:55 . 2012-08-18 16:44        --------        d-----w-        c:\programdata\MAGIX
2012-08-18 14:54 . 2012-08-18 14:54        --------        d-----w-        c:\program files\MSXML 4.0
2012-08-18 14:30 . 2012-08-18 14:30        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2012-08-18 14:23 . 2012-08-18 14:23        --------        d-----w-        c:\users\TimTobias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-17 12:04 . 2012-08-18 13:27        --------        d-----w-        c:\programdata\ScreenVCR
2012-08-17 12:04 . 2012-08-17 12:04        --------        d-----w-        c:\program files\TotalScreenRecorder_Gold
2012-08-17 12:04 . 2003-08-27 15:43        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2012-08-17 12:04 . 2003-03-19 13:19        1060864        ----a-w-        c:\windows\system32\MFC71.dll
2012-08-17 12:04 . 2003-02-21 20:42        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2012-08-17 11:50 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFCD025-3CDF-441C-95DB-ED17A7E4D126}\mpengine.dll
2012-08-15 12:30 . 2012-05-11 15:57        623616        ----a-w-        c:\windows\system32\localspl.dll
2012-08-04 20:52 . 2012-08-04 20:52        --------        d-----w-        c:\programdata\RoboForm
2012-08-04 20:21 . 2012-08-04 20:21        --------        d-----w-        c:\program files\HitmanPro
2012-08-04 20:14 . 2012-08-04 20:14        27424        ----a-w-        c:\windows\system32\drivers\hitmanpro36.sys
2012-08-04 20:06 . 2012-08-04 20:12        --------        d-----w-        c:\programdata\HitmanPro
2012-08-04 14:55 . 2012-08-20 01:21        12568        ----a-w-        c:\windows\system32\drivers\PROCEXP113.SYS
2012-08-02 12:59 . 2012-08-02 12:59        --------        d-----w-        c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 21:41 . 2012-07-28 21:41        --------        d-----w-        c:\program files\THQ
2012-07-22 19:20 . 2012-08-20 01:00        --------        d-----w-        c:\program files\Steam
2012-07-21 07:11 . 2012-07-21 07:11        65536        ----a-w-        c:\windows\system32\frapsvid.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 23:48 . 2012-07-18 22:53        139080        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 23:48 . 2012-07-18 23:48        270240        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-07-18 23:48 . 2012-07-18 22:52        270240        ----a-w-        c:\windows\system32\PnkBstrB.exe
2012-07-18 22:53 . 2012-07-18 22:53        138056        ----a-w-        c:\users\Gabi\AppData\Roaming\PnkBstrK.sys
2012-07-18 22:52 . 2012-07-18 22:52        189248        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-07-18 22:52 . 2012-07-18 22:52        75136        ----a-w-        c:\windows\system32\PnkBstrA.exe
2012-06-06 20:59 . 2012-06-06 20:59        1070152        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-06-06 16:56 . 2012-06-06 16:56        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-06 16:56 . 2010-12-28 19:41        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 19:09        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 19:09        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 19:08        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-24 13:00        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 13:00        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 12:59        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 12:59        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 13:00        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 13:00        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 12:59        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 15:19 . 2012-06-24 12:59        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 15:12 . 2012-06-24 12:59        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 19:08        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 19:08        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 12:25 . 2010-09-12 01:05        237072        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 09:01        1313864        ----a-w-        c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 22:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25        268096        ----a-w-        c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-12 08:59        170520        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 12:29        1996200        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2007-12-17 12:37        273520        ----a-w-        c:\program files\Norman\Npm\Bin\Zlh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-07-02 17:41        3093624        ----a-w-        c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-12 09:00        145944        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23        443968        ----a-w-        c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-16 17:01        6253088        ----a-w-        c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 08:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01]
.
2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
- c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-20 01:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*]
"datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8,
  5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\
"rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-20  01:42:35
ComboFix-quarantined-files.txt  2012-08-20 01:42
ComboFix2.txt  2012-08-04 15:09
.
Vor Suchlauf: 21 Verzeichnis(se), 32.421.163.008 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 48.373.886.976 Bytes frei
.
- - End Of File - - 9599920AF29709FBC0891EBB2DAF53B6

--- --- ---



On top of that, I now have the problem that I can no longer arrange my desktop. Whenever I move a desktop item and then refresh the desktop, the item jumps back to the left edge.
I could not find a suitable solution on Google, and/or it did not help. I have also already experimented with the alignment and desktop settings.

Well, once again sorry for not getting back to you for so long. I hope you haven't been waiting for me in vain. Hahaha :D

Regards, Tim

Chris4You 20.08.2012 08:05

Hi,

today is my last day here though, then I'm off on holiday...

Create and post a new OTL log...

chris

TimTobi 20.08.2012 12:21

Hehe, well then I'll have to wait for once too. :) Where are you going?

Anyway, here is the OTL log for now.

OTL Logfile:
Code:

OTL logfile created on: 20.08.2012 13:04:18 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\TimTobias\Desktop\Nette Progs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 69,23% Memory free
5,96 Gb Paging File | 4,92 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 26,89 Gb Free Space | 8,85% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 148,62 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
 
Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\GbPlugin\gbpsv.exe ( )
PRC - C:\Users\TimTobias\Desktop\Nette Progs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M]
 
[2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions
[2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.08.04 15:07:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 01:42:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\temp
[2012.08.18 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\MAGIX
[2012.08.18 14:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.08.18 14:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.08.18 14:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.08.17 12:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ScreenVCR
[2012.08.17 12:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Screen Recorder Gold
[2012.08.17 12:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\TotalScreenRecorder_Gold
[2012.08.04 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012.08.04 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\My RoboForm Data
[2012.08.04 20:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.08.04 20:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.08.04 14:56:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.04 14:56:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.04 14:56:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.04 14:55:55 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2012.08.04 14:55:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.04 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 12:59:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 12:59:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 12:58:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 12:58:38 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.20 08:22:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.20 01:21:35 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2012.08.20 00:59:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 00:59:45 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.19 21:38:45 | 000,436,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.17 12:04:25 | 000,001,743 | ---- | M] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk
[2012.08.15 00:13:34 | 000,001,822 | ---- | M] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk
[2012.08.04 20:14:47 | 000,027,424 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.08.04 20:12:37 | 000,000,788 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.08.04 15:07:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.17 12:04:25 | 000,001,743 | ---- | C] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk
[2012.08.15 00:13:18 | 000,001,822 | ---- | C] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk
[2012.08.04 20:14:47 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.08.04 20:12:37 | 000,000,788 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.08.04 14:56:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.04 14:56:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.04 14:56:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.04 14:56:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.04 14:56:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys
[2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.11 10:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,436,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini
 
========== LOP Check ==========
 
[2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft
[2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite
[2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware
[2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org
[2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech
[2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient
[2012.08.18 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\MAGIX
[2012.05.04 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software
[2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent
[2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib
[2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames
[2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job
[2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job
[2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job
[2012.08.20 00:58:47 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

--- --- ---

TimTobi 22.08.2012 11:53

I have just been getting virus alerts again; here is exactly what AntiVir reports:

Alert 1
HTML Code:

C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\80000000.@ 
Ist das Trojanische Pferd TR/ATRAPS.Gen  Aktion: In Quarantäne verschieben

Alert 2
HTML Code:

C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\800000cb.@
Ist das Trojanische Pferd TR/ATRAPS.Gen2  Aktion: In Quarantäne verschieben

On top of that, yesterday I had the famous "Live Security Platinum" virus.
On the second boot I was able to delete it with Anti-Malware and everything else; since then my desktop works again, and since then Antivirus has also been reporting the ATRAPS again.

TimTobi 06.09.2012 16:03

OK, I really couldn't wait any longer. I have now reinstalled my computer, "amilo recovery process", or something like that it was called.

I think that was the best thing I could do. Lastly yet another virus turned up, telling me I could unlock my computer again for 100 € because of child pornography, as it had supposedly been locked by the BKA. :stirn:

Well, now everything runs smoothly. Many thanks for the help; should anything else come up, I'll report back immediately.

Thank you very much!!!!! :daumenhoc

Chris4You 11.09.2012 14:45

Hi,

sorry, I was on vacation... I did try to get in here via Palm Pre, but I kept getting thrown out right after logging in ("You do not have permission etc.")...

That was a rootkit that likes to show up together with "Live Security"...

chris

TimTobi 12.09.2012 21:31

No more notifications and nothing else unusual :)

No problem ;)


All times are WEZ +1.

Copyright ©2000-2024, Trojaner-Board


