Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.07.2013, 18:34   #1
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Unglücklich

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Hallo liebes Trojaner-Board. (ich hoffe, das ist das richtige Forum)
Seit Monaten bekomme ich über Outlook eine Fehlermeldung, sobald ich E-Mails über meine Webseite verschicken will "Fehler 550, please see hxxp://www.spamhaus.org/query/bl?ip=95.91.246.144" (Beispiel IP, eine meiner letzten IP-Adressen)
Laut Spamhaus habe ich verschiedenste Viren & Botnetze auf dem Rechner, unter anderem Zbot, Torpig, usw. - mein Virenscanner (avast) findet nichts & ich weiß nun auch nicht mehr weiter. Laut dem Hilfebeitrag hier nun die Logs.
Es handelt sich hierbei um 2 PC's, die vermutlich infiziert sind, daher poste ich immer zwei Logfiles - immer von meinem PC & dem meines Vaters. (Ich nenne sie mal PC Jan & PC Papa, hoffe, das ist okay & verständlich.)

Befindet sich im Anhang.

Geändert von Seelenwinter (11.07.2013 um 18:41 Uhr) Grund: ergänzt

Alt 11.07.2013, 18:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Hallo und

Zitat:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 11.07.2013, 19:05   #3
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Erstmal danke für die Antwort.
Mein Vater arbeitet an der Universität & hat die Version von da, soweit ich weiß.
Hatte die mal, weil ich die virtuelle XP-Version zeitweise genutzt habe.
Habe leider auch keine alten Logs, tut mir leid.

[CODE]Extra PapaOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.07.2013 18:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Virenscan ab 11.07.2013 BEIDE RECHNER
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 81,08% Memory free
15,46 Gb Paging File | 13,69 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 528,64 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05073E78-83A6-4FE8-AA9F-D10949984FB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B67F702-5AC6-4749-AA66-4F787B6459E7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2137E3DE-604D-4F0D-9FD4-5F2C524F5B80}" = lport=138 | protocol=17 | dir=in | app=system | 
"{605103F9-497B-42C7-81EF-D025497A92A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9B51A794-6821-4BA5-AA25-FC0156CD84B4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7F463F1-FB29-47E8-8B68-C408C834E5DE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C225A984-3CD8-4525-9001-A9037D542094}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D892DCD8-2776-4D43-ADA1-A01C57A8AFED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E46B3CFB-5F16-41FB-AADD-305F1B54B2F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0813CE2-CE9B-4CD1-9051-742FD1E389A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F9E58F3A-DB2A-4391-BB5B-E17851764DAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF155EDA-47DB-4AFE-9891-D31517294743}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D72737B-90E4-4494-A861-19D3C9351782}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{100A7AD9-D4F8-4483-BE88-5E4309A506D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1355C2F1-B942-4791-97DD-7FAF47AF08F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17898EFB-C193-4439-976B-9401291998E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A368489-DFF6-4242-9694-03AAE7411FB0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{1DB1E9EE-75CA-4EDE-BE1B-ECEAD3886CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{1E79D0E5-5C31-46C1-8C35-FEB02DAFDC9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3933AE47-4425-4A60-B243-A8BC29E9770E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B8CE719-D76F-4913-8D7D-2F9C72B83046}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{42D3C73F-D663-49E2-8C4D-41D27B025B59}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{5DF20CAC-1402-491D-A4DA-E626A1D70057}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{69ABB665-ECAD-4C66-9A9E-70E0A4F3B5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{6B7E7B1B-B9F2-4438-9A84-2887078FF254}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{70D813B4-9DE8-42BF-8ECF-2E4C3560C93E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{7F464863-5C3C-4E23-B959-39BE4A6C26DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{84103EBD-0A7E-41D6-89B3-1E138A3D50A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{91D0DBAE-6C34-49AE-95E0-7A5CBC99D5C1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{95E6FDF4-8565-4721-B030-D499D9DFD551}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{9A45E8DA-345F-4612-8F21-08A5CA1BDAAF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{A98F5860-C5EA-45AC-849B-1809EDB1D041}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{AA47801D-5BAE-4CDC-A79A-0E1F6A4DACA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C757EA78-8BE6-437A-9625-B7C387DBF6A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C7AEA4AA-8108-4165-A6C4-41B8BD4B12CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{D5075763-3ECD-46CA-BC1F-C1C6842C1B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF4504CB-17B1-4EE7-A1BC-60806619C2BD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F277C6AC-FD37-454E-9B81-AB71EE3B3B3F}" = protocol=58 | dir=in | app=system | 
"TCP Query User{D7FDF872-D9E1-4739-BE3A-C5DAD9C0E65B}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{EF68ACD1-9608-408E-9917-8195ECD01567}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Pharao" = Pharao
"SADK" = Die Siedler - Aufbruch der Kulturen
"Security Task Manager" = Security Task Manager 1.8d
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2013 10:22:01 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 09.06.2013 10:23:15 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2013 02:56:36 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 10.06.2013 02:57:42 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2013 05:57:58 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 12.06.2013 05:59:16 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2013 06:33:40 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 13.06.2013 06:34:38 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2013 04:59:41 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 15.06.2013 05:00:32 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.07.2013 07:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 09.07.2013 17:19:21 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.07.2013 06:05:45 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 10.07.2013 17:40:26 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.07.2013 06:05:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 11.07.2013 12:52:49 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.07.2013 12:52:52 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.07.2013 12:52:52 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.07.2013 12:52:53 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.07.2013 12:52:53 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---


OTL Papa
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 11.07.2013 18:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Virenscan ab 11.07.2013 BEIDE RECHNER
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 81,08% Memory free
15,46 Gb Paging File | 13,69 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 528,64 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.11 18:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Virenscan ab 11.07.2013 BEIDE RECHNER\1. Schritt OTL.exe
PRC - [2013.05.14 20:47:35 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.05.14 20:47:33 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.05.14 20:37:59 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
PRC - [2013.05.14 20:37:54 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.22 13:23:06 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.15 09:31:33 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.05 11:11:44 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.11.02 17:11:44 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 09:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.07.10 12:56:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 17:52:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 20:47:35 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.05.14 20:37:59 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2013.05.14 20:37:54 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.22 13:23:06 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.02.15 09:31:33 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.05 11:11:44 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.12.05 11:11:16 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.02 17:11:44 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 09:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 01:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 01:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.02 17:12:39 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.08.17 13:42:16 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.08.17 13:42:16 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.10 13:59:54 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.08.10 13:55:43 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.15 03:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 14:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 14:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 04:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 04:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 12:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 12:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 12:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 12:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 12:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 12:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 17:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 05:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 13:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.10 12:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 21:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.27 21:00:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.10 12:56:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 21:00:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.27 21:00:30 | 000,000,000 | ---D | M]
 
[2012.08.10 10:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.10.23 10:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mhqpyoqp.default\extensions
[2013.07.10 12:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.10 12:56:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B86D9162-AE10-4260-A533-E38D45BCE928}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9126db2e-db1b-11e1-a041-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9126db2e-db1b-11e1-a041-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.11 17:53:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.11 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.10 12:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.11 18:54:02 | 001,506,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 18:54:02 | 000,656,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 18:54:02 | 000,618,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 18:54:02 | 000,131,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 18:54:02 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 18:53:03 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.07.11 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.11 18:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
[2013.07.11 17:53:10 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.11 17:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.11 16:20:15 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
[2013.07.11 12:13:20 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 12:13:20 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 12:05:54 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.07.11 12:05:20 | 000,311,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 12:03:53 | 1932,091,391 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 17:20:23 | 000,002,370 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.07.11 18:53:03 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.07.11 17:53:10 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 03:32:27 | 000,210,548 | ---- | C] () -- C:\ProgramData\SMRResults322.dat
[2012.11.16 17:48:57 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.09.22 17:42:11 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.10 10:25:18 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.20 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2012.08.13 18:00:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InterTrust
[2012.11.17 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2013.05.01 03:30:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.08.10 14:17:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.03.15 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.08.17 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


gmer_Papa
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-11 19:31:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD6400BPVT-00HXZT1 rev.01.01A01 596,17GB
Running: 3. Schritt gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kwtdapoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                     fffff800041bb000 45 bytes [00, 00, 1E, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                     fffff800041bb02f 16 bytes [00, 07, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\Explorer.EXE[3784] C:\Windows\system32\kernel32.dll!CopyFileExW                                                             00000000777a23d0 5 bytes JMP 000000016fff00d8
.text     C:\Windows\Explorer.EXE[3784] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                   000000007781f6c0 8 bytes JMP 000000016fff0110
.text     C:\Windows\Explorer.EXE[3784] C:\Windows\system32\ole32.dll!CoCreateInstance                                                           000007fefdc07490 11 bytes JMP 000007fffdb200d8
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000077371465 2 bytes [37, 77]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000773714bb 2 bytes [37, 77]
.text     ...                                                                                                                                    * 2
.text     E:\Virenscan ab 11.07.2013 BEIDE RECHNER\3. Schritt gmer_2.1.19163.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077371465 2 bytes [37, 77]
.text     E:\Virenscan ab 11.07.2013 BEIDE RECHNER\3. Schritt gmer_2.1.19163.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000773714bb 2 bytes [37, 77]
.text     ...                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\spoolsv.exe [1592:3828]                                                                                            000007fef67910c8
Thread    C:\Windows\System32\spoolsv.exe [1592:3836]                                                                                            000007fef6316144
Thread    C:\Windows\System32\spoolsv.exe [1592:3840]                                                                                            000007fef9565fd0
Thread    C:\Windows\System32\spoolsv.exe [1592:3852]                                                                                            000007fef62f3438
Thread    C:\Windows\System32\spoolsv.exe [1592:3856]                                                                                            000007fef95663ec
Thread    C:\Windows\System32\spoolsv.exe [1592:3872]                                                                                            000007fef9495e5c
Thread    C:\Windows\system32\svchost.exe [1804:1912]                                                                                            000007fef9565fd0
Thread    C:\Windows\system32\svchost.exe [1804:1916]                                                                                            000007fef95663ec
Thread    C:\Windows\system32\svchost.exe [1804:4136]                                                                                            000007fef3108470
Thread    C:\Windows\system32\svchost.exe [1804:4140]                                                                                            000007fef3112418
Thread    C:\Windows\system32\taskhost.exe [3636:4840]                                                                                           000007fef78e5170
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:1960]                                                                               000007fef46b8c50
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:3908]                                                                               000007fef41a19b0
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:3692]                                                                               000007fef41a19b0
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4232]                                                                               000007fef41a19b0
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4244]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4248]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4252]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4256]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4260]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4264]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4268]                                                                               000007fef1452040
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [2560:4272]                                                                               000007fef1452040

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832c1d2e                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)                                        

---- EOF - GMER 2.1 ----
         
Soll ich die "Jan"-Files auch in Code nun posten?
__________________

Alt 11.07.2013, 19:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Was soll denn das jetzt werden, sind das Log von einem anderen Rechner?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.07.2013, 19:28   #5
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Hatte ich doch oben geschrieben, dass ich gern 2 Rechner, die im Heimnetzwerk hängen, gern überprüfen lassen würde.


Alt 11.07.2013, 20:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Ja, im ersten Beitrag hast du aber nur Logs eines Rechners gepostet und hinterher dann die des zweiten gepostet....es ist ziemlich sinnfrei und es wird chaotisch wenn Logs von verschiedenen Rechnern in einem Strang behandelt werden! Ist besteht einfach die Gefahr dass man Log und Fix nicht mehr eindeutig einem Rechner zuordnen kann und stell dir vor du verwechselst einen der beiden!

Also bitte entscheide dich erstmal hier nur für einen Rechner. Wenn das fertig ist machst du einen neuen Strang für den anderen Rechner auf.
__________________
--> Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc

Alt 11.07.2013, 20:34   #7
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Dann nehmen wir die in den Codes geschrieben Log - also Papa.

Alt 11.07.2013, 21:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Und auf dem Rechner wurden ebenfall noch nie ein Schädling gefunden oder doch? Wenn ja, bitte nachreichen. Außerdem bitte ein Log mit FRST machen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.07.2013, 21:20   #9
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Soweit ich weiß nicht, nein. Wenn ich einen Log finde, poste ich ihn.
[CODE]FRST
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2013
Ran by User (administrator) on 11-07-2013 22:18:03
Running from E:\Virenscan ab 11.07.2013 BEIDE RECHNER
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [167960 2010-12-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [391704 2010-12-20] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [418328 2010-12-20] (Intel Corporation)
HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-10] (Google Inc.)
MountPoints2: {9126db2e-db1b-11e1-a041-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-05-14] (Sophos Limited)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-05-14] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-05-14] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mhqpyoqp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-11-02] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-05-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-05-14] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2013-05-14] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-12-05] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-12-05] (Sophos Limited)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-08-17] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-08-17] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-11-02] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-08-10] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-08-10] (Sophos Plc)
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 22:14 - 2013-07-11 22:14 - 00000000 ____D C:\FRST
2013-07-11 18:53 - 2013-07-11 18:53 - 00000000 ____A C:\Users\User\defogger_reenable
2013-07-11 17:54 - 2013-07-11 17:54 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\User\Downloads\spybot-2.1.exe
2013-07-11 17:53 - 2013-07-11 17:53 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-11 17:53 - 2013-07-11 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 17:53 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-11 17:50 - 2013-07-11 17:50 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-10 23:47 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 23:47 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 23:47 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 23:47 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 23:47 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 23:47 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 23:47 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 23:47 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 23:47 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 23:47 - 2013-06-12 00:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 23:47 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 23:47 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:22 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:22 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:22 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:22 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:22 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:21 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:21 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 12:56 - 2013-07-10 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 21:00 - 2013-06-28 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-12 16:56 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 16:56 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:56 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 16:56 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 16:56 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:55 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 16:55 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 16:55 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 16:55 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 16:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:55 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 16:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:55 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:55 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 16:55 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 22:16 - 2011-05-07 01:46 - 01059225 ____A C:\Windows\WindowsUpdate.log
2013-07-11 22:14 - 2013-07-11 22:14 - 00000000 ____D C:\FRST
2013-07-11 22:13 - 2012-08-10 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-11 22:13 - 2011-06-25 22:53 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-07-11 22:13 - 2011-05-16 01:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 22:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 22:13 - 2009-07-14 06:51 - 00061138 ____A C:\Windows\setupact.log
2013-07-11 21:52 - 2012-08-25 20:23 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 21:23 - 2012-08-10 14:00 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
2013-07-11 18:54 - 2010-11-21 08:50 - 00656694 ____A C:\Windows\system32\perfh007.dat
2013-07-11 18:54 - 2010-11-21 08:50 - 00131208 ____A C:\Windows\system32\perfc007.dat
2013-07-11 18:54 - 2009-07-14 07:13 - 01506782 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 18:53 - 2013-07-11 18:53 - 00000000 ____A C:\Users\User\defogger_reenable
2013-07-11 17:59 - 2013-04-28 23:16 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-11 17:58 - 2013-04-28 23:16 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-07-11 17:54 - 2013-07-11 17:54 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\User\Downloads\spybot-2.1.exe
2013-07-11 17:53 - 2013-07-11 17:53 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-11 17:53 - 2013-07-11 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 17:50 - 2013-07-11 17:50 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-11 16:20 - 2012-08-10 14:00 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
2013-07-11 12:13 - 2009-07-14 06:45 - 00026464 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 12:13 - 2009-07-14 06:45 - 00026464 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 12:05 - 2009-07-14 06:45 - 00311168 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-11 12:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 12:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 12:03 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 23:48 - 2012-08-10 10:46 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 12:56 - 2013-07-10 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 14:18 - 2012-08-10 14:00 - 00004084 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA
2013-07-09 14:18 - 2012-08-10 14:00 - 00003688 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core
2013-06-28 12:56 - 2013-06-27 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:10 - 2013-04-29 19:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-06-19 17:20 - 2012-08-10 14:00 - 00002370 ____A C:\Users\User\Desktop\Google Chrome.lnk
2013-06-13 15:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:52 - 2012-08-25 20:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:52 - 2012-08-25 20:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 17:52 - 2012-08-25 20:23 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-12 01:43 - 2013-07-10 23:47 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-10 23:47 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-10 23:47 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-10 23:47 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-12 01:26 - 2013-07-10 23:47 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-12 01:26 - 2013-07-10 23:47 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-10 23:47 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 01:25 - 2013-07-10 23:47 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-12 00:51 - 2013-07-10 23:47 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-10 23:47 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\ntuser.dat
C:\ProgramData\SMRResults322.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 14:07

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2013
Ran by User at 2013-07-11 22:18:25
Running from E:\Virenscan ab 11.07.2013 BEIDE RECHNER
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AMD Catalyst Install Manager (Version: 3.0.838.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
ANNO 1404 - Königsedition (x32 Version: 1.02.0000)
ANNO 1503 (x32 Version: 1.05.00)
Anno 1701 (x32 Version: 1.00)
Bluetooth Win7 Suite (64) (Version: 7.2.0.34)
Catalyst Control Center InstallProxy (x32 Version: 2011.0728.1756.30366)
CDBurnerXP (Version: 4.3.8.2523)
Die Siedler - Aufbruch der Kulturen (x32)
Die Siedler 7 (x32 Version: 1.12.1396)
Google Chrome (HKCU Version: 27.0.1453.116)
Herrscher des Olymp - Zeus (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2266)
ITE Infrared Transceiver (x32 Version: 1.00.0000)
LibreOffice 3.6 (x32 Version: 3.6.3.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
NVIDIA 3D Vision Treiber 275.33 (Version: 275.33)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA ForceWare Network Access Manager (x32 Version: 1.00.7325.0)
NVIDIA Grafiktreiber 275.33 (Version: 275.33)
NVIDIA HD-Audiotreiber 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7533)
NVIDIA Systemsteuerung 275.33 (Version: 275.33)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Pharao (x32)
Platform (x32 Version: 1.34)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Security Task Manager 1.8d (x32 Version: 1.8d)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sophos Remote Management System (x32 Version: 3.4.1)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

==================== Restore Points  =========================

07-06-2013 12:36:15 Geplanter Prüfpunkt
12-06-2013 18:48:02 Windows Update
16-06-2013 01:00:30 Windows Update
18-06-2013 21:10:13 Windows Update
26-06-2013 17:18:54 Geplanter Prüfpunkt
04-07-2013 09:50:05 Geplanter Prüfpunkt
10-07-2013 21:40:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {38DD3574-6899-41AC-8A84-4848A2C1991C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {75424128-44D6-4F0B-A79E-5CB844042362} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: {7C3D97B2-FBEB-4D61-86E1-85266134A6E7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {93B16227-76F0-4799-8214-749AED26E0D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: {C8C5C4EB-F75D-4808-93F8-BC6F2AE5CDF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2013 10:14:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 10:13:42 PM) (Source: Sophos Message Router) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%%3

Error: (07/11/2013 00:05:56 PM) (Source: Sophos Message Router) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%%3

Error: (07/11/2013 00:05:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 00:07:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 00:06:45 PM) (Source: Sophos Message Router) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%%3

Error: (07/09/2013 01:34:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2013 01:33:32 PM) (Source: Sophos Message Router) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%%3

Error: (07/08/2013 11:17:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2013 11:16:24 AM) (Source: Sophos Message Router) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%%3


System errors:
=============
Error: (07/11/2013 10:14:21 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 10:14:21 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 10:14:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 10:13:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/11/2013 10:11:15 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/11/2013 06:52:53 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 06:52:53 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 06:52:52 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 06:52:52 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/11/2013 06:52:49 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/11/2013 10:14:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 10:13:42 PM) (Source: Sophos Message Router)(User: NT-AUTORITÄT)
Description: sophos-sec

Error: (07/11/2013 00:05:56 PM) (Source: Sophos Message Router)(User: NT-AUTORITÄT)
Description: sophos-sec

Error: (07/11/2013 00:05:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 00:07:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 00:06:45 PM) (Source: Sophos Message Router)(User: NT-AUTORITÄT)
Description: sophos-sec

Error: (07/09/2013 01:34:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2013 01:33:32 PM) (Source: Sophos Message Router)(User: NT-AUTORITÄT)
Description: sophos-sec

Error: (07/08/2013 11:17:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2013 11:16:24 AM) (Source: Sophos Message Router)(User: NT-AUTORITÄT)
Description: sophos-sec


CodeIntegrity Errors:
===================================
  Date: 2013-05-11 15:50:32.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-11 15:50:32.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-11 15:50:32.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-11 15:50:32.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-11 15:50:32.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-11 15:50:32.828
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-10 13:27:36.636
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-10 13:27:36.621
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-10 13:27:36.621
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-10 13:27:36.605
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 7918.12 MB
Available physical RAM: 6381.56 MB
Total Pagefile: 15834.42 MB
Available Pagefile: 14248.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:596.07 GB) (Free:528.52 GB) NTFS (Disk=0 Partition=2)
Drive e: (LEXAR) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 3EAE5DE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         

Alt 11.07.2013, 21:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.07.2013, 22:30   #11
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
User :: USER-PC [administrator]

11.07.2013 22:49:16
mbar-log-2013-07-11 (22-49-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 247875
Time elapsed: 9 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-11 22:58:40
-----------------------------
22:58:40.022    OS Version: Windows x64 6.1.7601 Service Pack 1
22:58:40.022    Number of processors: 4 586 0x102
22:58:40.022    ComputerName: USER-PC  UserName: User
22:58:41.332    Initialize success
22:59:01.316    AVAST engine defs: 13071101
22:59:29.148    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
22:59:29.148    Disk 0 Vendor: WDC_WD6400BPVT-00HXZT1 01.01A01 Size: 610480MB BusType: 3
22:59:29.273    Disk 0 MBR read successfully
22:59:29.273    Disk 0 MBR scan
22:59:29.289    Disk 0 Windows 7 default MBR code
22:59:29.304    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:59:29.320    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       610378 MB offset 206848
22:59:29.569    Disk 0 scanning C:\Windows\system32\drivers
22:59:39.803    Service scanning
22:59:52.642    Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
23:00:07.353    Modules scanning
23:00:07.353    Disk 0 trace - called modules:
23:00:07.399    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
23:00:07.415    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007822060]
23:00:07.431    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa80067f6520]
23:00:07.431    5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80067f3060]
23:00:08.772    AVAST engine scan C:\Windows
23:00:11.284    AVAST engine scan C:\Windows\system32
23:03:27.766    AVAST engine scan C:\Windows\system32\drivers
23:03:40.745    AVAST engine scan C:\Users\User
23:12:11.631    AVAST engine scan C:\ProgramData
23:18:49.728    Disk 0 MBR has been saved successfully to "E:\Virenscan ab 11.07.2013 papa\MBR.dat"
23:18:49.759    The log file has been saved successfully to "E:\Virenscan ab 11.07.2013 papa\aswMBR.txt"
         
TDSSKillerLogFile musste ich als .rar anhängen, ist zu groß zum posten als CODE oder .txt

Alt 11.07.2013, 23:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Der Rechner ist sauber, alle Logs sind bislang unauffällig - aber lass nochmal adware und toolbars entfernen:

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.07.2013, 00:01   #13
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on 12.07.2013 at  0:30:48,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\mhqpyoqp.default\minidumps [283 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2013 at  0:35:46,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 12/07/2013 um 00:36:20 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : E:\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (en-US)

-\\ Google Chrome v27.0.1453.116

*************************

AdwCleaner[R1].txt - [616 octets] - [12/07/2013 00:36:20]

########## EOF - C:\AdwCleaner[R1].txt - [675 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 12.07.2013 00:41:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 81,97% Memory free
15,46 Gb Paging File | 14,02 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 528,48 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.10 12:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 21:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.27 21:00:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.10 12:56:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 21:00:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.27 21:00:30 | 000,000,000 | ---D | M]
 
[2012.08.10 10:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.10.23 10:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mhqpyoqp.default\extensions
[2013.07.10 12:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.10 12:56:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B86D9162-AE10-4260-A533-E38D45BCE928}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9126db2e-db1b-11e1-a041-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9126db2e-db1b-11e1-a041-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 00:30:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.11 22:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.11 17:53:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.11 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.10 23:47:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 23:47:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 23:47:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.10 23:47:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.10 23:47:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.10 23:47:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.10 23:47:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.10 23:47:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.10 23:47:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.10 23:47:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.10 23:47:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.10 23:47:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.10 23:47:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.10 23:47:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 23:47:26 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 14:22:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 14:22:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 14:22:38 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 14:22:38 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 14:21:48 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.10 12:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.12 16:56:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 16:56:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 16:56:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 16:56:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 16:55:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 16:55:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 16:55:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 16:55:51 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 16:55:51 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 16:55:51 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 16:55:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 16:55:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 16:55:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.12 00:39:03 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.07.12 00:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 00:38:39 | 1932,091,391 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.12 00:30:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001UA.job
[2013.07.11 23:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.11 23:28:18 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 23:28:18 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 18:54:02 | 001,506,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 18:54:02 | 000,656,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 18:54:02 | 000,618,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 18:54:02 | 000,131,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 18:54:02 | 000,107,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 18:53:03 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.07.11 17:53:10 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.11 16:20:15 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2260964575-2753946872-1401531445-1001Core.job
[2013.07.11 12:05:20 | 000,311,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.19 17:20:23 | 000,002,370 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2013.06.12 17:52:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 17:52:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.12 01:43:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 01:42:58 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.12 01:42:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 01:42:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 01:42:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 01:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 01:25:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 01:25:16 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 01:25:16 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 01:25:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.12 01:25:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 01:25:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 01:25:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 00:51:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 00:50:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
 
========== Files Created - No Company Name ==========
 
[2013.07.11 18:53:03 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.07.11 17:53:10 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 03:32:27 | 000,210,548 | ---- | C] () -- C:\ProgramData\SMRResults322.dat
[2012.11.16 17:48:57 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.09.22 17:42:11 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.10 10:25:18 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 12.07.2013 00:41:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 81,97% Memory free
15,46 Gb Paging File | 14,02 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 528,48 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05073E78-83A6-4FE8-AA9F-D10949984FB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B67F702-5AC6-4749-AA66-4F787B6459E7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2137E3DE-604D-4F0D-9FD4-5F2C524F5B80}" = lport=138 | protocol=17 | dir=in | app=system | 
"{605103F9-497B-42C7-81EF-D025497A92A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9B51A794-6821-4BA5-AA25-FC0156CD84B4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7F463F1-FB29-47E8-8B68-C408C834E5DE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C225A984-3CD8-4525-9001-A9037D542094}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D892DCD8-2776-4D43-ADA1-A01C57A8AFED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E46B3CFB-5F16-41FB-AADD-305F1B54B2F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0813CE2-CE9B-4CD1-9051-742FD1E389A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F9E58F3A-DB2A-4391-BB5B-E17851764DAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF155EDA-47DB-4AFE-9891-D31517294743}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D72737B-90E4-4494-A861-19D3C9351782}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{100A7AD9-D4F8-4483-BE88-5E4309A506D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1355C2F1-B942-4791-97DD-7FAF47AF08F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17898EFB-C193-4439-976B-9401291998E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A368489-DFF6-4242-9694-03AAE7411FB0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{1DB1E9EE-75CA-4EDE-BE1B-ECEAD3886CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{1E79D0E5-5C31-46C1-8C35-FEB02DAFDC9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3933AE47-4425-4A60-B243-A8BC29E9770E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B8CE719-D76F-4913-8D7D-2F9C72B83046}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{42D3C73F-D663-49E2-8C4D-41D27B025B59}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{5DF20CAC-1402-491D-A4DA-E626A1D70057}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{69ABB665-ECAD-4C66-9A9E-70E0A4F3B5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{6B7E7B1B-B9F2-4438-9A84-2887078FF254}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{70D813B4-9DE8-42BF-8ECF-2E4C3560C93E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{7F464863-5C3C-4E23-B959-39BE4A6C26DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{84103EBD-0A7E-41D6-89B3-1E138A3D50A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{91D0DBAE-6C34-49AE-95E0-7A5CBC99D5C1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{95E6FDF4-8565-4721-B030-D499D9DFD551}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{9A45E8DA-345F-4612-8F21-08A5CA1BDAAF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{A98F5860-C5EA-45AC-849B-1809EDB1D041}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{AA47801D-5BAE-4CDC-A79A-0E1F6A4DACA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C757EA78-8BE6-437A-9625-B7C387DBF6A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C7AEA4AA-8108-4165-A6C4-41B8BD4B12CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{D5075763-3ECD-46CA-BC1F-C1C6842C1B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF4504CB-17B1-4EE7-A1BC-60806619C2BD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F277C6AC-FD37-454E-9B81-AB71EE3B3B3F}" = protocol=58 | dir=in | app=system | 
"TCP Query User{D7FDF872-D9E1-4739-BE3A-C5DAD9C0E65B}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{EF68ACD1-9608-408E-9917-8195ECD01567}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Pharao" = Pharao
"SADK" = Die Siedler - Aufbruch der Kulturen
"Security Task Manager" = Security Task Manager 1.8d
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.07.2013 18:39:31 | Computer Name = User-PC | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sophos-sec.%3
 
Error - 11.07.2013 18:40:27 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.07.2013 18:37:49 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.07.2013 18:38:44 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
 
< End of report >
         
Danke für die Hilfe.
Wollen wir dann morgen mit dem anderen Rechner weitermachen?

Alt 12.07.2013, 11:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.07.2013, 16:48   #15
Seelenwinter
 
Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Standard

Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc



Entschuldige, dass ich heute erst antworten kann, ich kam leider nicht eher dazu.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
User :: USER-PC [Administrator]

13.07.2013 15:13:44
mbam-log-2013-07-13 (15-13-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372938
Laufzeit: 52 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET war ebenfalls ohne Funde.

Antwort

Themen zu Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc
antivirus, bho, browser, desktop, error, fehler 5, firefox, flash player, google, helper, hijack, hijackthis, homepage, popup, realtek, registry, scan, security, server, software, spamhaus, svchost.exe, teamspeak, viren, windows, windows xp




Ähnliche Themen: Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc


  1. Windows 7: Avira meldet TR/Spy.zbot
    Log-Analyse und Auswertung - 29.06.2015 (9)
  2. Virenscanner meldet Textdatei als Trojanische Pferd TR/Spy.ZBot.akt
    Plagegeister aller Art und deren Bekämpfung - 24.07.2014 (6)
  3. Windows 7: Avira PC Cleaner meldet TR/Spy.ZBot.alw und TR/Small.EB.38
    Log-Analyse und Auswertung - 10.03.2014 (15)
  4. ESET meldet spy.zbot.aao trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.12.2013 (9)
  5. Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc (2. PC)
    Log-Analyse und Auswertung - 03.10.2013 (14)
  6. Win 7: Essential will neustarten, meldet PWS:WIN32/Zbot.gen!AM
    Log-Analyse und Auswertung - 03.09.2013 (9)
  7. 2x | ZeuS/ZBot-Trojaner - MBAM meldet IP-Angriffe
    Mülltonne - 17.04.2013 (1)
  8. T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats?
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (34)
  9. Avira meldet Infizierung mit TR/Spy.zbot
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (47)
  10. Antivir meldet Fund : TR/Spy.Zbot.edsd
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (31)
  11. T-Online meldet Torpig und Mebroot
    Log-Analyse und Auswertung - 09.08.2011 (12)
  12. T-Online meldet Torpig und Mebroot
    Log-Analyse und Auswertung - 03.08.2011 (18)
  13. Avira meldet Malware gefunden (TR/Spy.ZBot.29.8)
    Plagegeister aller Art und deren Bekämpfung - 26.12.2010 (3)
  14. AntiVir meldet: TR/Spy.ZBot.apcm
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (1)
  15. Antivir meldet folgenden Trojaner TR/PSW.Zbot.144378.Y
    Log-Analyse und Auswertung - 05.08.2010 (16)
  16. Antivir meldet alle 10min. TR/PSW.Zbot.133169.Y
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (29)
  17. AntiVir meldet verschiedenste Trojaner bei öffnen von Browsern.
    Log-Analyse und Auswertung - 29.03.2010 (31)

Zum Thema Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc - Hallo liebes Trojaner-Board. (ich hoffe, das ist das richtige Forum) Seit Monaten bekomme ich über Outlook eine Fehlermeldung, sobald ich E-Mails über meine Webseite verschicken will "Fehler 550, please see - Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc...
Archiv
Du betrachtest: Spamhaus meldet verschiedenste Botnetze, Zbot, Torpig, etc auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.