Pests of all kinds and their removal: TR/small.Fi (Windows 7)

#1
TR/small.Fi
On my daughter's notebook the Avira AntiVir message that TR/small.Fi has been found keeps appearing. Removing it with the program does not work, and I have not found proper instructions here either on how to get rid of the trojan again. I ran MBAM once and am posting the result below. The computer has a Win7 Starter version. I hope you can help me.
Regards, Ulli

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sabrina Pech :: SABRINAPECH-PC [Administrator]

Schutz: Aktiviert

19.06.2012 15:17:44
mbam-log-2012-06-19 (15-17-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297938
Laufzeit: 1 Stunde(n), 49 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Sabrina Pech\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HBQG7PZ\8[1].exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
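Added example, not part of Ulli's post and not code from Malwarebytes: a small Python parser for the MBAM 1.x log layout quoted above. It pulls each detection line apart (item, detection family, action, and the "Daten:" value for registry values), then applies two checks an analyst wants from this log: which entries are a per-user COM registration (HKCU\Software\Classes\CLSID\...\InprocServer32, which shadows the HKLM registration for that CLSID) pointing into the user's profile, the ZeroAccess persistence the log shows, and which entries are still pending until reboot ("Löschen bei Neustart"), meaning the machine must be restarted before a follow-up scan says anything. The sample text is constructed from the detection lines of the log above with the header left out; the German section labels are the ones MBAM prints in that layout.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in the layout of the Malwarebytes 1.x log quoted above.
# The registry key, value data and file paths are taken from that log; the
# header lines are left out to keep the sample short.
SAMPLE_LOG = r"""Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# "Infizierte <Kategorie>: <Anzahl>" opens a result section (German MBAM 1.x layout).
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+): (?P<count>\d+)$")
# "<item> (<family>) -> <action>" is one detection; <action> may start with "Daten: <value>".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
DATA_RE = re.compile(r"^Daten: (?P<data>.+?)\.? -> (?P<action>.+)$")
# Per-user COM registration: HKCU\Software\Classes shadows HKLM for COM lookups,
# so an InprocServer32 here is loaded in place of the system-wide object.
HKCU_INPROC_RE = re.compile(
    r"^HKCU\\SOFTWARE\\CLASSES\\CLSID\\\{[0-9A-F-]{36}\}\\INPROCSERVER32\|?$", re.IGNORECASE)
# Anything below a user's AppData is writable without elevation.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_mbam_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per detection line: section, item, family, action, data."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # header lines, "(Keine bösartigen Objekte gefunden)", "(Ende)"
        item, family, action = m.group("item"), m.group("family"), m.group("action")
        data = ""
        d = DATA_RE.match(action)
        if d:  # registry value: split the value data off the action text
            data, action = d.group("data"), d.group("action")
        findings.append({"section": section, "item": item, "family": family,
                         "action": action, "data": data})
    return findings


def com_hijack_indicators(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Per-user CLSID\\InprocServer32 values whose data points into a user profile."""
    return [f for f in findings
            if HKCU_INPROC_RE.match(f["item"]) and USER_WRITABLE_RE.search(f["data"])]


def pending_on_reboot(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Items MBAM could not remove immediately (in use; removed at next boot)."""
    return [f for f in findings if not f["action"].startswith("Erfolgreich")]


def family_counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Detections per family name, e.g. how many Rootkit.0Access hits there were."""
    return dict(Counter(f["family"] for f in findings))


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("families:", family_counts(found))
    for f in com_hijack_indicators(found):
        print("per-user COM server in profile:", f["item"], "->", f["data"])
    for f in pending_on_reboot(found):
        print("reboot required before rescan:", f["item"])
```

To use it on the real file, read `mbam-log-2012-06-19 (15-17-44).txt` and pass its contents to `parse_mbam_log` in place of `SAMPLE_LOG`; the family counts alone tell you whether a "TR/small" style detection is a lone dropper or part of a ZeroAccess infection with a pending-reboot component.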
#2
Malwareteam
TR/small.Fi
My name is Marius and I will help you with your problem. One thing first:
Note: We can never guarantee here that we have found every remnant of malware. A reformat is usually the fastest and always the safest way. If you decide on a clean-up, keep working with us until someone from the team tells you that your computer is clean. A clean-up can mean a lot of work for you.

Vista and Win7 users: start all tools with right-click --> "Run as administrator".
Quote:
Step 1: defogger
Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being told to.
Step 2: OTL
Please download OTL by Oldtimer and save it to your desktop (if you do not have it yet).
Step 3: Gmer
Please
Step 4: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
#3
TR/small.Fi
Hello Marius,
thanks already for your reply. I'll get started now and post the first logs later as you described. Since I work and don't want to connect the netbook to the company network, I can only work on it after hours, but we have time.
Regards, Ulli

So here is the log file from Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:07 on 20/06/2012 (Sabrina Pech)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
And here are the OTL log files
Code:
OTL Extras logfile created on: 6/20/2012 5:33:09 PM - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Sabrina Pech\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015.24 Mb Total Physical Memory | 308.24 Mb Available Physical Memory | 30.36% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 50.57 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Computer Name: SABRINAPECH-PC | User Name: Sabrina Pech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E741D13-BD2A-45EB-8342-7127233E5DAC}" = LocaleMe
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A736ED15-FE0B-462F-9EF2-E021F622D232}_is1" = GamePark Console
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C04E7C11-A3DA-480B-9018-F292E04CA26A}" = FontResizer
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Eee Docking_is1" = Eee Docking 2.4.0
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97-5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/23/2011 2:24:56 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 9/25/2011 3:23:44 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 9/26/2011 12:13:24 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 9/29/2011 4:03:59 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/2/2011 1:40:57 AM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/5/2011 1:10:50 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/10/2011 3:32:44 PM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/17/2011 1:50:08 AM | Computer Name = SabrinaPech-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16869,
Zeitstempel: 0x4e4f21db Name des fehlerhaften Moduls: SkypeIEPlugin.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4a5c7a42 Ausnahmecode: 0xc0000005 Fehleroffset:
0x04664294 ID des fehlerhaften Prozesses: 0x39c Startzeit der fehlerhaften Anwendung:
0x01cc8c9048a35b9f Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: SkypeIEPlugin.dll Berichtskennung: de437bb3-f883-11e0-a560-90e6ba5ef010
Error - 10/17/2011 2:04:40 AM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/21/2011 3:29:07 AM | Computer Name = SabrinaPech-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 6/19/2012 11:25:47 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 6/19/2012 11:25:47 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 6/19/2012 12:49:37 PM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 6/19/2012 12:49:37 PM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 6/20/2012 10:56:39 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 6/20/2012 10:56:39 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 6/20/2012 10:56:41 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 6/20/2012 10:57:20 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 6/20/2012 10:57:40 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 6/20/2012 10:57:40 AM | Computer Name = SabrinaPech-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
< End of report >
Code:
OTL logfile created on: 6/20/2012 5:33:09 PM - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Sabrina Pech\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015.24 Mb Total Physical Memory | 308.24 Mb Available Physical Memory | 30.36% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 50.57 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Computer Name: SABRINAPECH-PC | User Name: Sabrina Pech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sabrina Pech\Desktop\Defogger.exe ()
PRC - C:\Users\Sabrina Pech\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Users\Sabrina Pech\Desktop\Defogger.exe ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
========== Driver Services (SafeList) ==========
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {06869B77-90B0-4EF9-87BD-30ABC74E72B4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06869B77-90B0-4EF9-87BD-30ABC74E72B4}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE463
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E7F6D5FF-7641-43F6-BD64-C536FAF84857}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/19 14:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/19 14:10:47 | 000,000,000 | ---D | M]
(No name found) -- C:\Users\Sabrina Pech\AppData\Roaming\mozilla\Extensions
[2010/11/19 14:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina Pech\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37111A14-3BEA-4D0A-B9AE-49902A8FBA3E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62411B94-E832-4471-88F7-CA88E7E51CD1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80c53cb4-d5f9-11de-8a54-90e6ba5ef010}\Shell - "" = AutoRun
O33 - MountPoints2\{80c53cb4-d5f9-11de-8a54-90e6ba5ef010}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{80c53cb8-d5f9-11de-8a54-90e6ba5ef010}\Shell - "" = AutoRun
O33 - MountPoints2\{80c53cb8-d5f9-11de-8a54-90e6ba5ef010}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/19 15:06:49 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sabrina Pech\Desktop\OTL.exe
[2012/06/19 15:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrina Pech\AppData\Roaming\Malwarebytes
[2012/06/19 15:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/19 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/19 15:01:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/19 15:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/17 15:12:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/06/17 15:11:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/06/17 15:11:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/06/17 15:11:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/06/17 15:11:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/06/17 15:11:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/06/17 15:11:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/06/16 17:50:38 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/06/16 17:50:36 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/06/16 17:50:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/06/16 17:50:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/20 17:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Sabrina Pech\defogger_reenable
[2012/06/20 17:05:25 | 000,050,477 | ---- | M] () -- C:\Users\Sabrina Pech\Desktop\Defogger.exe
[2012/06/20 17:05:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 17:05:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 16:59:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 16:56:47 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 16:56:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/20 16:56:17 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 20:11:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 15:06:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina
Pech\Desktop\OTL.exe [2012/06/19 15:01:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/19 09:09:45 | 000,002,610 | ---- | M] () -- C:\Users\Sabrina Pech\AppData\Roaming\wklnhst.dat [2012/06/18 23:55:55 | 000,011,264 | ---- | M] () -- C:\Users\Sabrina Pech\Desktop\Handout.wps [2012/06/17 15:50:09 | 000,354,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/17 15:29:50 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/06/17 15:29:50 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/06/17 15:29:50 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/06/17 15:29:50 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/05/30 16:53:48 | 000,009,451 | ---- | M] () -- C:\Users\Sabrina Pech\Desktop\Deckblatt (1).rtf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/20 17:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina Pech\defogger_reenable [2012/06/20 17:05:24 | 000,050,477 | ---- | C] () -- C:\Users\Sabrina Pech\Desktop\Defogger.exe [2012/06/19 17:33:47 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@ [2012/06/19 17:33:47 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@ [2012/06/19 17:24:59 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\00000001.@ [2012/06/19 15:01:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/10 18:42:20 | 000,011,264 | ---- | C] () -- C:\Users\Sabrina Pech\Desktop\Handout.wps [2012/05/30 16:53:46 | 000,009,451 | ---- | C] () -- C:\Users\Sabrina Pech\Desktop\Deckblatt (1).rtf [2012/02/04 19:51:33 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\@ [2012/02/04 19:51:33 | 000,002,048 | -HS- | C] 
() -- C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\@ ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:B88E99C8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:734E442A < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 18:31:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: dpwgj9qx.exe; Driver: C:\Users\SABRIN~1\AppData\Local\Temp\kxlirfob.sys
---- System - GMER 1.0.15 ----
SSDT 8A688396 ZwCreateSection
SSDT 8A6883A0 ZwRequestWaitReplyPort
SSDT 8A68839B ZwSetContextThread
SSDT 8A6883A5 ZwSetSecurityObject
SSDT 8A6883AA ZwSystemDebugControl
SSDT 8A688337 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E413C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E7AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81E81EAC 4 Bytes [96, 83, 68, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81E82208 4 Bytes [A0, 83, 68, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81E8224C 4 Bytes [9B, 83, 68, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81E822C8 4 Bytes [A5, 83, 68, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81E8231C 4 Bytes [AA, 83, 68, 8A]
.text ...
.text peauth.sys A4F5FC9D 28 Bytes [8F, 72, 7A, EA, 94, 3D, 94, ...]
.text peauth.sys A4F5FCC1 28 Bytes [8F, 72, 7A, EA, 94, 3D, 94, ...]
---- User code sections - GMER 1.0.15 ----
? C:\windows\system32\services.exe[532] C:\windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
18:39:20.0872 3440 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
18:39:21.0262 3440 ============================================================
18:39:21.0262 3440 Current date / time: 2012/06/20 18:39:21.0262
18:39:21.0262 3440 SystemInfo:
18:39:21.0262 3440
18:39:21.0262 3440 OS Version: 6.1.7601 ServicePack: 1.0
18:39:21.0262 3440 Product type: Workstation
18:39:21.0262 3440 ComputerName: SABRINAPECH-PC
18:39:21.0262 3440 UserName: Sabrina Pech
18:39:21.0262 3440 Windows directory: C:\windows
18:39:21.0262 3440 System windows directory: C:\windows
18:39:21.0262 3440 Processor architecture: Intel x86
18:39:21.0262 3440 Number of processors: 2
18:39:21.0262 3440 Page size: 0x1000
18:39:21.0262 3440 Boot type: Normal boot
18:39:21.0262 3440 ============================================================
18:39:23.0838 3440 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:39:23.0854 3440 ============================================================
18:39:23.0854 3440 \Device\Harddisk0\DR0:
18:39:23.0854 3440 MBR partitions:
18:39:23.0854 3440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
18:39:23.0854 3440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x7610800
18:39:23.0854 3440 ============================================================
18:39:23.0885 3440 C: <-> \Device\Harddisk0\DR0\Partition0
18:39:23.0979 3440 D: <-> \Device\Harddisk0\DR0\Partition1
18:39:23.0979 3440 ============================================================
18:39:23.0979 3440 Initialize success
18:39:23.0979 3440 ============================================================
18:39:52.0767 3260 ============================================================
18:39:52.0767 3260 Scan started
18:39:52.0767 3260 Mode: Manual; TDLFS;
18:39:52.0767 3260 ============================================================
18:39:55.0232 3260 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
18:39:55.0232 3260 1394ohci - ok
18:39:55.0372 3260 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
18:39:55.0372 3260 ACPI - ok
18:39:55.0466 3260 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
18:39:55.0466 3260 AcpiPmi - ok
18:39:55.0700 3260 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:55.0700 3260 AdobeFlashPlayerUpdateSvc - ok
18:39:55.0871 3260 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
18:39:55.0887 3260 adp94xx - ok
18:39:55.0980 3260 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
18:39:55.0996 3260 adpahci - ok
18:39:56.0043 3260 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
18:39:56.0058 3260 adpu320 - ok
18:39:56.0105 3260 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
18:39:56.0105 3260 AeLookupSvc - ok
18:39:56.0261 3260 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
18:39:56.0277 3260 AFD - ok
18:39:56.0308 3260 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
18:39:56.0324 3260 agp440 - ok
18:39:56.0370 3260 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
18:39:56.0386 3260 aic78xx - ok
18:39:56.0448 3260 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
18:39:56.0464 3260 ALG - ok
18:39:56.0526 3260 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
18:39:56.0526 3260 aliide - ok
18:39:56.0589 3260 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
18:39:56.0589 3260 amdagp - ok
18:39:56.0651 3260 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
18:39:56.0651 3260 amdide - ok
18:39:56.0714 3260 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
18:39:56.0729 3260 AmdK8 - ok
18:39:56.0760 3260 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
18:39:56.0760 3260 AmdPPM - ok
18:39:56.0838 3260 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
18:39:56.0854 3260 amdsata - ok
18:39:56.0963 3260 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
18:39:56.0979 3260 amdsbs - ok
18:39:57.0026 3260 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
18:39:57.0026 3260 amdxata - ok
18:39:57.0447 3260 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:39:57.0462 3260 AntiVirSchedulerService - ok
18:39:57.0618 3260 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:39:57.0618 3260 AntiVirService - ok
18:39:57.0712 3260 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
18:39:57.0728 3260 AppID - ok
18:39:57.0821 3260 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
18:39:57.0821 3260 AppIDSvc - ok
18:39:57.0868 3260 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
18:39:57.0868 3260 Appinfo - ok
18:39:58.0180 3260 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:39:58.0196 3260 Apple Mobile Device - ok
18:39:58.0274 3260 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
18:39:58.0289 3260 arc - ok
18:39:58.0367 3260 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
18:39:58.0383 3260 arcsas - ok
18:39:58.0461 3260 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
18:39:58.0461 3260 AsusService - ok
18:39:58.0492 3260 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
18:39:58.0492 3260 AsyncMac - ok
18:39:58.0554 3260 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
18:39:58.0570 3260 atapi - ok
18:39:58.0835 3260 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
18:39:58.0882 3260 athr - ok
18:39:59.0022 3260 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
18:39:59.0038 3260 AudioEndpointBuilder - ok
18:39:59.0069 3260 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
18:39:59.0085 3260 Audiosrv - ok
18:39:59.0303 3260 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
18:39:59.0319 3260 avgntflt - ok
18:39:59.0444 3260 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
18:39:59.0459 3260 avipbb - ok
18:39:59.0490 3260 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
18:39:59.0506 3260 avkmgr - ok
18:39:59.0709 3260 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
18:39:59.0709 3260 AxInstSV - ok
18:39:59.0818 3260 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
18:39:59.0834 3260 b06bdrv - ok
18:39:59.0927 3260 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
18:39:59.0943 3260 b57nd60x - ok
18:40:00.0036 3260 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
18:40:00.0036 3260 BDESVC - ok
18:40:00.0052 3260 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
18:40:00.0068 3260 Beep - ok
18:40:00.0270 3260 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
18:40:00.0348 3260 BITS - ok
18:40:00.0411 3260 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
18:40:00.0411 3260 blbdrive - ok
18:40:00.0582 3260 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:40:00.0598 3260 Bonjour Service - ok
18:40:00.0676 3260 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
18:40:00.0676 3260 bowser - ok
18:40:00.0723 3260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:40:00.0723 3260 BrFiltLo - ok
18:40:00.0754 3260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:40:00.0754 3260 BrFiltUp - ok
18:40:00.0863 3260 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
18:40:00.0863 3260 Browser - ok
18:40:00.0988 3260 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
18:40:01.0004 3260 Brserid - ok
18:40:01.0066 3260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
18:40:01.0082 3260 BrSerWdm - ok
18:40:01.0128 3260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
18:40:01.0128 3260 BrUsbMdm - ok
18:40:01.0160 3260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
18:40:01.0175 3260 BrUsbSer - ok
18:40:01.0191 3260 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
18:40:01.0191 3260 BTHMODEM - ok
18:40:01.0269 3260 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
18:40:01.0284 3260 bthserv - ok
18:40:01.0331 3260 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
18:40:01.0331 3260 cdfs - ok
18:40:01.0440 3260 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
18:40:01.0472 3260 cdrom - ok
18:40:01.0581 3260 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
18:40:01.0581 3260 CertPropSvc - ok
18:40:01.0659 3260 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
18:40:01.0659 3260 circlass - ok
18:40:01.0737 3260 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
18:40:01.0737 3260 CLFS - ok
18:40:02.0018 3260 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:40:02.0080 3260 clr_optimization_v2.0.50727_32 - ok
18:40:02.0252 3260 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:40:02.0298 3260 clr_optimization_v4.0.30319_32 - ok
18:40:02.0330 3260 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
18:40:02.0330 3260 CmBatt - ok
18:40:02.0392 3260 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
18:40:02.0392 3260 cmdide - ok
18:40:02.0501 3260 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
18:40:02.0517 3260 CNG - ok
18:40:02.0548 3260 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
18:40:02.0564 3260 Compbatt - ok
18:40:02.0610 3260 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
18:40:02.0626 3260 CompositeBus - ok
18:40:02.0642 3260 COMSysApp - ok
18:40:02.0720 3260 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
18:40:02.0735 3260 crcdisk - ok
18:40:02.0844 3260 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
18:40:02.0844 3260 CryptSvc - ok
18:40:02.0969 3260 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
18:40:03.0000 3260 DcomLaunch - ok
18:40:03.0125 3260 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
18:40:03.0141 3260 defragsvc - ok
18:40:03.0234 3260 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
18:40:03.0234 3260 DfsC - ok
18:40:03.0312 3260 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
18:40:03.0312 3260 Dhcp - ok
18:40:03.0375 3260 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
18:40:03.0390 3260 discache - ok
18:40:03.0468 3260 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
18:40:03.0468 3260 Disk - ok
18:40:03.0562 3260 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
18:40:03.0562 3260 Dnscache - ok
18:40:03.0640 3260 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
18:40:03.0640 3260 dot3svc - ok
18:40:03.0734 3260 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
18:40:03.0765 3260 DPS - ok
18:40:03.0858 3260 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
18:40:03.0858 3260 drmkaud - ok
18:40:04.0077 3260 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
18:40:04.0108 3260 DXGKrnl - ok
18:40:04.0233 3260 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
18:40:04.0233 3260 EapHost - ok
18:40:04.0966 3260 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
18:40:05.0122 3260 ebdrv - ok
18:40:05.0340 3260 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
18:40:05.0356 3260 EFS - ok
18:40:05.0543 3260 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
18:40:05.0559 3260 elxstor - ok
18:40:05.0606 3260 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
18:40:05.0606 3260 ErrDev - ok
18:40:05.0777 3260 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
18:40:05.0793 3260 EventSystem - ok
18:40:05.0855 3260 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
18:40:05.0855 3260 exfat - ok
18:40:05.0902 3260 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
18:40:05.0902 3260 fastfat - ok
18:40:06.0089 3260 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
18:40:06.0105 3260 Fax - ok
18:40:06.0198 3260 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
18:40:06.0198 3260 fdc - ok
18:40:06.0261 3260 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
18:40:06.0261 3260 fdPHost - ok
18:40:06.0276 3260 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
18:40:06.0292 3260 FDResPub - ok
18:40:06.0339 3260 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
18:40:06.0339 3260 FileInfo - ok
18:40:06.0386 3260 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
18:40:06.0386 3260 Filetrace - ok
18:40:06.0448 3260 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
18:40:06.0448 3260 flpydisk - ok
18:40:06.0495 3260 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
18:40:06.0510 3260 FltMgr - ok
18:40:06.0729 3260 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
18:40:06.0760 3260 FontCache - ok
18:40:06.0947 3260 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:40:06.0978 3260 FontCache3.0.0.0 - ok
18:40:07.0041 3260 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
18:40:07.0041 3260 FsDepends - ok
18:40:07.0103 3260 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
18:40:07.0119 3260 Fs_Rec - ok
18:40:07.0181 3260 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
18:40:07.0197 3260 fvevol - ok
18:40:07.0275 3260 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
18:40:07.0290 3260 gagp30kx - ok
18:40:07.0369 3260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:40:07.0369 3260 GEARAspiWDM - ok
18:40:07.0493 3260 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
18:40:07.0525 3260 gpsvc - ok
18:40:07.0712 3260 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:40:07.0727 3260 gupdate - ok
18:40:07.0759 3260 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:40:07.0759 3260 gupdatem - ok
18:40:07.0899 3260 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:40:07.0930 3260 gusvc - ok
18:40:08.0039 3260 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
18:40:08.0039 3260 hcw85cir - ok
18:40:08.0133 3260 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
18:40:08.0133 3260 HdAudAddService - ok
18:40:08.0195 3260 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
18:40:08.0195 3260 HDAudBus - ok
18:40:08.0211 3260 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
18:40:08.0227 3260 HidBatt - ok
18:40:08.0242 3260 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
18:40:08.0258 3260 HidBth - ok
18:40:08.0289 3260 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
18:40:08.0289 3260 HidIr - ok
18:40:08.0320 3260 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
18:40:08.0336 3260 hidserv - ok
18:40:08.0383 3260 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
18:40:08.0383 3260 HidUsb - ok
18:40:08.0445 3260 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
18:40:08.0445 3260 hkmsvc - ok
18:40:08.0585 3260 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
18:40:08.0601 3260 HomeGroupListener - ok
18:40:08.0632 3260 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
18:40:08.0648 3260 HomeGroupProvider - ok
18:40:08.0726 3260 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
18:40:08.0757 3260 HpSAMD - ok
18:40:08.0897 3260 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
18:40:08.0929 3260 HTTP - ok
18:40:08.0975 3260 hwdatacard - ok
18:40:09.0022 3260 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
18:40:09.0038 3260 hwpolicy - ok
18:40:09.0131 3260 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
18:40:09.0131 3260 i8042prt - ok
18:40:09.0287 3260 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
18:40:09.0303 3260 iaStor - ok
18:40:09.0412 3260 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
18:40:09.0428 3260 iaStorV - ok
18:40:09.0631 3260 ICQ Service (b1a28fa1afde10b95ff9354b15701d70) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
18:40:09.0646 3260 ICQ Service - ok
18:40:10.0021 3260 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:40:10.0114 3260 idsvc - ok
18:40:11.0237 3260 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
18:40:11.0456 3260 igfx - ok
18:40:11.0659 3260 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
18:40:11.0659 3260 iirsp - ok
18:40:11.0799 3260 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
18:40:11.0815 3260 IKEEXT - ok
18:40:12.0158 3260 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\windows\system32\drivers\RTKVHDA.sys
18:40:12.0220 3260 IntcAzAudAddService - ok
18:40:12.0361 3260 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
18:40:12.0376 3260 intelide - ok
18:40:12.0485 3260 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
18:40:12.0485 3260 intelppm - ok
18:40:12.0532 3260 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
18:40:12.0548 3260 IPBusEnum - ok
18:40:12.0595 3260 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:40:12.0595 3260 IpFilterDriver - ok
18:40:12.0657 3260 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
18:40:12.0673 3260 IPMIDRV - ok
18:40:12.0719 3260 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
18:40:35.0217 3260 ============================================================
18:40:35.0217 3260 Scan finished
18:40:35.0217 3260 ============================================================
18:40:35.0310 2672 Detected object count: 0
18:40:35.0310 2672 Actual detected object count: 0
#4

/// Malwareteam | TR/small.Fi

I would strongly advise against connecting this machine to a company network for the time being!

Combofix

Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2. IMPORTANT: save Combofix to your desktop.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot, Quote:

__________________
No asylum for Trojans! Proud Member of UNITE. Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
#5

TR/small.Fi

Hello Psychotic, I downloaded Combofix from the first link and ran it. Unfortunately I could not find a txt file, so I tried opening the program to look for a setting there, which triggered a second scan. I still have not found a txt, even though I searched the whole PC. Regards, Ulli
#6

/// Malwareteam | TR/small.Fi

Oh dear, I fear the worst!

Step 1: FRST
Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now need to boot the system into the System Repair option.

Via the Boot Manager
With a Windows CD/DVD
In the repair options, choose Command Prompt
#7

TR/small.Fi

Hello Psychotic, as I said, this is a netbook without an optical drive. As far as I know, the WIN 7 installation files are stored directly on the machine. I will try to get hold of an external drive and a WIN7 CD, or can I start the procedure anyway? Regards, Ulli
#8

/// Malwareteam | TR/small.Fi

Quote:

With this option you can start the Recovery Options without needing the CD!
#9

TR/small.Fi

It worked, here is the log. Code:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 22-06-2012 14:14:27
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [407040 2009-08-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-17] ()
HKU\Default User\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-17] ()
HKU\Sabrina Pech\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-17] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HotKeyMon.lnk
ShortcutTarget: HotKeyMon.lnk -> C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)

================================ Services (Whitelisted) ==================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-22 14:14 - 2012-06-22 14:14 - 00000000 ____D C:\FRST
2012-06-21 09:33 - 2012-06-21 09:33 - 00000000 ____D C:\ComboFix
2012-06-21 09:29 - 2012-06-21 09:33 - 00000331 ____A C:\Start_.cmd
2012-06-21 09:28 - 2012-06-21 09:46 - 00000000 ____D C:\Qoobox
2012-06-21 09:28 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 09:28 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 09:28 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 09:28 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 09:27 - 2012-06-21 09:46 - 00000000 ___SD C:\32788R22FWJFW
2012-06-21 09:27 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 09:27 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 09:27 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 09:27 - 2012-06-02 05:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 09:27 - 2012-06-02 05:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 09:26 - 2012-06-21 09:26 - 04563474 ____R (Swearware) C:\Users\Sabrina Pech\Desktop\ComboFix.exe
2012-06-20 08:38 - 2012-06-20 08:38 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Sabrina Pech\Desktop\tdsskiller.exe
2012-06-20 08:31 - 2012-06-20 08:31 - 00004519 ____A C:\Users\Sabrina Pech\Desktop\Gmer.txt
2012-06-20 07:50 - 2012-06-20 07:50 - 00302592 ____A C:\Users\Sabrina Pech\Desktop\dpwgj9qx.exe
2012-06-20 07:45 - 2012-06-20 07:45 - 00027866 ____A C:\Users\Sabrina Pech\Desktop\Extras.Txt
2012-06-20 07:40 - 2012-06-20 07:40 - 00042332 ____A C:\Users\Sabrina Pech\Desktop\OTL.Txt
2012-06-20 07:36 - 2012-06-20 07:36 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 07:07 - 2012-06-20 07:08 - 00000486 ____A C:\Users\Sabrina Pech\Desktop\defogger_disable.log
2012-06-20 07:07 - 2012-06-20 07:07 - 00000000 ____A C:\Users\Sabrina Pech\defogger_reenable
2012-06-20 07:05 - 2012-06-20 07:05 - 00050477 ____A C:\Users\Sabrina Pech\Desktop\Defogger.exe
2012-06-19 05:06 - 2012-06-19 05:06 - 00595968 ____A (OldTimer Tools) C:\Users\Sabrina Pech\Desktop\OTL.exe
2012-06-19 05:01 - 2012-06-19 05:01 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Roaming\Malwarebytes
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-19 05:01 - 2012-04-04 05:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-17 05:12 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 05:11 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 05:11 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 05:11 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 05:11 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 05:11 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 05:11 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 05:11 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 05:11 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 05:11 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 05:11 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 05:11 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 05:11 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 05:11 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-16 07:50 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-16 07:50 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-16 07:50 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-16 07:50 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-16 07:50 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-16 07:50 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-16 07:50 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-16 07:50 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-16 07:50 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-16 07:50 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-10 08:42 - 2012-06-18 13:55 - 00011264 ____A C:\Users\Sabrina Pech\Desktop\Handout.wps
2012-05-30 06:53 - 2012-05-30 06:53 - 00009451 ____A C:\Users\Sabrina Pech\Desktop\Deckblatt (1).rtf

============ 3 Months Modified Files and Folders ===============

2012-06-22 14:14 - 2012-06-22 14:14 - 00000000 ____D C:\FRST
2012-06-22 04:07 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-22 04:07 - 2009-07-13 20:39 - 00168965 ____A C:\Windows\setupact.log
2012-06-21 09:58 - 2009-11-21 00:18 - 01499470 ____A C:\Windows\WindowsUpdate.log
2012-06-21 09:51 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 09:51 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-21 09:49 - 2011-12-25 03:29 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-21 09:46 - 2012-06-21 09:28 - 00000000 ____D C:\Qoobox
2012-06-21 09:46 - 2012-06-21 09:27 - 00000000 ___SD C:\32788R22FWJFW
2012-06-21 09:42 - 2011-12-25 03:29 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-21 09:33 - 2012-06-21 09:33 - 00000000 ____D C:\ComboFix
2012-06-21 09:33 - 2012-06-21 09:29 - 00000331 ____A C:\Start_.cmd
2012-06-21 09:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2012-06-21 09:26 - 2012-06-21 09:26 - 04563474 ____R (Swearware) C:\Users\Sabrina Pech\Desktop\ComboFix.exe
2012-06-20 08:38 - 2012-06-20 08:38 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Sabrina Pech\Desktop\tdsskiller.exe
2012-06-20 08:31 - 2012-06-20 08:31 - 00004519 ____A C:\Users\Sabrina Pech\Desktop\Gmer.txt
2012-06-20 07:59 - 2012-05-20 03:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-20 07:50 - 2012-06-20 07:50 - 00302592 ____A C:\Users\Sabrina Pech\Desktop\dpwgj9qx.exe
2012-06-20 07:45 - 2012-06-20 07:45 - 00027866 ____A C:\Users\Sabrina Pech\Desktop\Extras.Txt
2012-06-20 07:40 - 2012-06-20 07:40 - 00042332 ____A C:\Users\Sabrina Pech\Desktop\OTL.Txt
2012-06-20 07:36 - 2012-06-20 07:36 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 07:08 - 2012-06-20 07:07 - 00000486 ____A C:\Users\Sabrina Pech\Desktop\defogger_disable.log
2012-06-20 07:07 - 2012-06-20 07:07 - 00000000 ____A C:\Users\Sabrina Pech\defogger_reenable
2012-06-20 07:07 - 2009-11-20 09:24 - 00000000 ____D C:\users\Sabrina Pech
2012-06-20 07:05 - 2012-06-20 07:05 - 00050477 ____A C:\Users\Sabrina Pech\Desktop\Defogger.exe
2012-06-19 08:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-19 07:24 - 2012-02-04 09:51 - 00000000 __SHD C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}
2012-06-19 07:24 - 2009-08-19 08:59 - 00048740 ____A C:\Windows\PFRO.log
2012-06-19 06:20 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-19 05:06 - 2012-06-19 05:06 - 00595968 ____A (OldTimer Tools) C:\Users\Sabrina Pech\Desktop\OTL.exe
2012-06-19 05:01 - 2012-06-19 05:01 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Roaming\Malwarebytes
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-19 05:01 - 2012-06-19 05:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-18 23:20 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-18 23:09 - 2009-11-20 09:37 - 00002610 ____A C:\Users\Sabrina Pech\AppData\Roaming\wklnhst.dat
2012-06-18 13:55 - 2012-06-10 08:42 - 00011264 ____A C:\Users\Sabrina Pech\Desktop\Handout.wps
2012-06-17 05:50 - 2009-07-13 20:33 - 00354576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 05:29 - 2009-07-24 23:50 - 01519874 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 05:19 - 2010-03-04 09:28 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 12:59 - 2009-11-22 08:05 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Roaming\Skype
2012-06-11 11:59 - 2009-11-22 08:10 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Roaming\skypePM
2012-06-02 14:19 - 2012-06-21 09:28 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:28 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:28 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:27 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:27 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 09:28 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 09:27 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 09:27 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:12 - 2012-06-21 09:27 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 06:53 - 2012-05-30 06:53 - 00009451 ____A C:\Users\Sabrina Pech\Desktop\Deckblatt (1).rtf
2012-05-20 07:25 - 2012-05-20 07:22 - 00000000 ____D C:\Users\Sabrina Pech\.tfo4
2012-05-20 07:22 - 2012-05-20 07:22 - 00000000 ____D C:\Users\Sabrina Pech\4.0
2012-05-20 07:21 - 2012-05-20 07:21 - 00000000 ____D C:\Users\All Users\Sun
2012-05-20 07:21 - 2012-05-20 07:21 - 00000000 ____D C:\Program Files\Common Files\Java
2012-05-20 07:20 - 2012-05-20 07:20 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-20 07:20 - 2012-05-20 07:20 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-20 07:20 - 2012-05-20 07:20 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-20 07:20 - 2012-05-20 07:20 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-20 07:20 - 2012-05-20 07:20 - 00000000 ____D C:\Program Files\Java
2012-05-20 07:09 - 2012-05-20 07:09 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-05-20 07:09 - 2011-08-13 23:54 - 00010960 ____A C:\Windows\IE9_main.log
2012-05-20 07:07 - 2012-05-20 07:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-20 07:07 - 2012-05-20 07:07 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-20 07:07 - 2012-05-20 07:07 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-20 07:07 - 2012-05-20 07:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-20 07:07 - 2012-05-20 07:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-20 07:07 - 2012-05-20 07:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-20 07:04 - 2012-05-20 07:04 - 00000000 ____D C:\Users\All Users\UUdb
2012-05-20 07:04 - 2012-05-20 07:04 - 00000000 ____D C:\Users\All Users\DesktopIcons
2012-05-20 07:04 - 2012-05-20 07:04 - 00000000 ____D C:\Users\All Users\1und1InternetExplorerAddon
2012-05-20 07:04 - 2012-05-20 07:04 - 00000000 ____D C:\Program Files\WEB.DE Toolbar
2012-05-20 07:04 - 2012-05-20 07:04 - 00000000 ____D C:\Program Files\1und1Softwareaktualisierung
2012-05-20 04:00 - 2012-05-20 04:00 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Roaming\Avira
2012-05-20 03:54 - 2012-05-20 03:54 - 00001940 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-05-20 03:54 - 2012-05-20 03:54 - 00000000 ____D C:\Users\All Users\Avira
2012-05-20 03:54 - 2012-05-20 03:54 - 00000000 ____D C:\Program Files\Avira
2012-05-20 03:53 - 2012-05-20 03:53 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-20 03:53 - 2011-12-25 03:29 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-20 03:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-05-20 03:19 - 2009-07-25 17:27 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-05-20 03:19 - 2009-07-25 17:27 - 00000000 ____D C:\Windows\de-DE
2012-05-20 03:19 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-05-20 03:19 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-05-20 03:19 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-05-20 03:19 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2012-05-20 03:19 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2012-05-20 03:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-05-20 03:19 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-05-20 03:09 - 2009-07-13 18:05 - 00152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-05-20 02:52 - 2012-05-20 02:52 - 00000000 ____D C:\Windows\System32\SPReview
2012-05-20 01:12 - 2012-05-18 05:36 - 00018353 ____A C:\Users\Sabrina Pech\Desktop\Lebenslauf.Sabrina.aktuell.Mai2012.odt
2012-05-20 00:52 - 2011-01-20 00:17 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-05-17 15:11 - 2012-06-17 05:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-17 05:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-17 05:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-17 05:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-17 05:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-17 05:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-17 05:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-17 05:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-17 05:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-17 05:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-17 05:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-17 05:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-17 05:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-17 05:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-16 07:50 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-06 23:35 - 2009-07-13 20:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-04 01:11 - 2012-04-28 08:05 - 00000000 ____D C:\Users\Sabrina Pech\Diplomarbeit
2012-05-03 03:17 - 2012-05-03 03:17 - 00001068 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2012-05-03 03:17 - 2011-12-25 03:29 - 00000000 ____D C:\Users\Sabrina Pech\AppData\Local\Google
2012-05-03 03:16 - 2011-12-25 03:29 - 00000000 ____D C:\Program Files\Google
2012-05-02 06:40 - 2012-05-02 06:40 - 00002044 ____A C:\Users\Sabrina Pech\Desktop\Zugang Kinderhaus.RDP
2012-05-02 06:38 - 2012-05-02 06:38 - 00000000 ___AH C:\Users\Sabrina Pech\Documents\Default.rdp
2012-05-01 16:46 - 2012-05-01 16:46 - 04472832 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-04-30 20:44 - 2012-06-16 07:50 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-16 07:50 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 00:20 - 2012-05-20 03:54 - 00137928 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-04-25 20:45 - 2012-06-16 07:50 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-16 07:50 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-16 07:50 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 14:32 - 2012-05-20 03:54 - 00083392 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-04-23 20:36 - 2012-06-16 07:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-16 07:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-16 07:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-16 11:17 - 2012-05-20 03:54 - 00036000 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-04-07 03:26 - 2012-06-16 07:50 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 05:56 - 2012-06-19 05:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:39 - 2012-05-09 08:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 08:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:23 - 2012-05-09 08:36 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\L
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\00000001.@
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@

ZeroAccess:
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\@
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\L
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 1015.24 MB
Available physical RAM: 663.39 MB
Total Pagefile: 1015.24 MB
Available Pagefile: 664.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:80 GB) (Free:50.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:59.03 GB) (Free:58.94 GB) NTFS
3 Drive e: () (Removable) (Total:14.83 GB) (Free:14.83 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      149 GB   0 B
Disk 1    Online      14 GB    0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           80 GB    1024 KB
Partition 2    Primary           59 GB    80 GB
Partition 3    Primary           10 GB    139 GB
Partition 4    Primary           15 MB    149 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0    C                NTFS   Partition   80 GB    Healthy

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    D                NTFS   Partition   59 GB    Healthy

======================================================================================================

Disk: 0
Partition 3
Type  : 1B
Hidden: Yes
Active: No
There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type  : EF
Hidden: Yes
Active: No
There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           14 GB    4096 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    E                FAT32  Removable   14 GB    Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-19 08:16

======================= End Of Log ==========================
#10
/// Malwareteam | TR/small.Fi Search with FRST
Click on Search; the tool creates a search.txt on your stick. Please post its contents here.
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
#11
TR/small.Fi Here is the new log. Code:
Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-26 20:29:46
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
#12
/// Malwareteam | TR/small.Fi AHA! Step 1: Fix with FRST. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
Step 2: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart: Quote:
Step 3: FSS. Please download Farbar's Service Scanner
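As an added example (not FRST code and not part of the original thread), the check behind the `Search: services.exe` step in post #11 and the `replace:` directive in the fix above, written out in Python rather than FRST's script syntax. It hashes `System32\services.exe` and every service-controller copy under WinSxS, treats a WinSxS copy of the same size but a different digest as the in-place patch the search log shows (two 259072-byte files, different MD5s), and then moves the live copy aside and copies the WinSxS copy into place, the two actions the Fixlog in the next post records. The directory tree it runs on is constructed inline; only the WinSxS component-directory name is taken from the log. On a real machine point it at the offline `Windows` directory from a recovery environment, as FRST did here (`Ran by SYSTEM`, `Running from E:\`), since a running services.exe cannot be replaced. A digest that differs from the WinSxS copy is a strong hint, not proof: confirm against a known-good hash or the file's Authenticode signature before replacing anything.

```python
"""Check System32\\services.exe against the WinSxS copy and restore it offline.
Added example, not FRST code; the tree it runs on is constructed in
build_sample_tree(), and the component-directory name is the one from the log."""
import hashlib
import os
import re
import shutil
import tempfile

# WinSxS component that carries services.exe (the FRST search hit above).
COMPONENT_RE = re.compile(r"servicecontroller", re.IGNORECASE)
WINSXS_DIR = ("x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35"
              "_6.1.7600.16385_none_cf36168b2e9c967b")


def md5_of(path):
    """Lower-case MD5 of a file (FRST prints the same digest in upper case)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_winsxs_copies(windows_root, filename="services.exe"):
    """All copies of `filename` in WinSxS whose component name matches."""
    winsxs = os.path.join(windows_root, "winsxs")
    if not os.path.isdir(winsxs):
        return []
    hits = []
    for name in sorted(os.listdir(winsxs)):
        candidate = os.path.join(winsxs, name, filename)
        if COMPONENT_RE.search(name) and os.path.isfile(candidate):
            hits.append(candidate)
    return hits


def check_services_exe(windows_root):
    """Hash the live copy and every WinSxS copy. A WinSxS copy of the same
    size but a different digest is the in-place patch seen in the search log
    (both files 259072 bytes, digests differ). A different size means a
    different file version, which is not evidence of tampering."""
    live = os.path.join(windows_root, "System32", "services.exe")
    report = {"live": live, "live_md5": md5_of(live),
              "candidates": [], "clean_copy": None}
    live_size = os.path.getsize(live)
    for cand in find_winsxs_copies(windows_root):
        entry = {"path": cand, "md5": md5_of(cand), "size": os.path.getsize(cand)}
        report["candidates"].append(entry)
        same_version = entry["size"] == live_size
        if same_version and entry["md5"] != report["live_md5"] and report["clean_copy"] is None:
            report["clean_copy"] = cand
    report["tampered"] = report["clean_copy"] is not None
    return report


def restore_from_winsxs(windows_root, clean_copy, quarantine_dir):
    """Move the live copy to quarantine, then copy the WinSxS copy into place:
    the two actions the Fixlog records for the `replace:` directive. Only
    valid offline (recovery environment); a running services.exe is locked."""
    live = os.path.join(windows_root, "System32", "services.exe")
    os.makedirs(quarantine_dir, exist_ok=True)
    shutil.move(live, os.path.join(quarantine_dir, "services.exe"))
    shutil.copy2(clean_copy, live)
    return md5_of(live)


def build_sample_tree(root):
    """Constructed sample: a clean WinSxS copy and a System32 copy of identical
    size whose bytes were altered, mimicking the in-place patch."""
    clean = b"MZ" + b"\x00" * 254 + b"clean service controller"
    patched = bytearray(clean)
    patched[128:136] = b"HOOKED!!"          # same length, different bytes
    sxs = os.path.join(root, "winsxs", WINSXS_DIR)
    os.makedirs(sxs)
    os.makedirs(os.path.join(root, "System32"))
    with open(os.path.join(sxs, "services.exe"), "wb") as f:
        f.write(clean)
    with open(os.path.join(root, "System32", "services.exe"), "wb") as f:
        f.write(bytes(patched))
    return root


def run_demo():
    """Build the sample, check, restore, check again; return both reports."""
    tmp = tempfile.mkdtemp()
    try:
        win = build_sample_tree(os.path.join(tmp, "Windows"))
        before = check_services_exe(win)
        if before["tampered"]:
            restore_from_winsxs(win, before["clean_copy"], os.path.join(tmp, "Quarantine"))
        return before, check_services_exe(win)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    before, after = run_demo()
    print("before:", before["live_md5"], "tampered =", before["tampered"])
    print("after: ", after["live_md5"], "tampered =", after["tampered"])
```

The size check is what keeps the comparison honest: WinSxS normally holds several versions of a system binary, and a different digest on a different-size file just means a different update level. The quarantine move mirrors what FRST does ("moved successfully" before "copied successfully"), so the tampered binary is kept for analysis rather than overwritten.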
#13
TR/small.Fi Hello Marius, here are the 3 log files. Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-28 18:12:26 Run:1
Running from E:\
==============================================
C:\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b} moved successfully.
C:\Users\Sabrina Pech\AppData\Local\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
Code:
ComboFix 12-06-28.01 - Sabrina Pech 28.06.2012 18:25:00.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1015.342 [GMT 2:00]
Running from: c:\users\Sabrina Pech\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\users\Sabrina Pech\4.0
c:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\@
c:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\00000001.@
c:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@
c:\windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@
.
.
((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-22 22:14 . 2012-06-22 22:16 -------- d-----w- C:\FRST
2012-06-21 17:28 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:28 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:28 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:28 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 15:36 . 2012-06-20 15:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 13:01 . 2012-06-19 13:01 -------- d-----w- c:\users\Sabrina Pech\AppData\Roaming\Malwarebytes
2012-06-19 13:01 . 2012-06-19 13:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-19 13:01 . 2012-06-19 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-19 13:01 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 13:12 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-16 15:50 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 15:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-16 15:50 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 15:50 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-16 15:50 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-16 15:50 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-16 15:50 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 15:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 15:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 15:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 15:20 . 2012-05-20 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-20 15:07 . 2012-05-20 15:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-20 15:07 . 2012-05-20 15:07 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-20 15:07 . 2012-05-20 15:07 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-20 15:07 . 2012-05-20 15:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-20 15:07 . 2012-05-20 15:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-20 15:07 . 2012-05-20 15:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-20 15:07 . 2012-05-20 15:07 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-20 15:07 . 2012-05-20 15:07 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-20 15:07 . 2012-05-20 15:07 367104 ----a-w- c:\windows\system32\html.iec
2012-05-20 15:07 . 2012-05-20 15:07 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-20 15:07 . 2012-05-20 15:07 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-20 15:07 . 2012-05-20 15:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-20 15:07 . 2012-05-20 15:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-20 15:07 . 2012-05-20 15:07 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-20 15:07 . 2012-05-20 15:07 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-20 15:07 . 2012-05-20 15:07 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-20 11:53 . 2012-05-20 11:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 11:53 . 2011-12-25 11:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-20 11:09 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-18 13:38 . 2012-05-18 13:38 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-14 23:43 . 2012-05-20 10:55 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B4FFB64-9DF5-44E2-AA2D-01FD80856C6B}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-27 08:20 . 2012-05-20 11:54 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-20 11:54 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-16 19:17 . 2012-05-20 11:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-31 04:39 . 2012-05-09 16:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 16:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38 154216 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2012-02-02 18:11 1602664 ----a-w- c:\program files\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2012-02-02 1602664]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2012-02-02 1602664]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotKeyMon.lnk - c:\program files\EeePC\HotkeyService\HotKeyMon.exe [2009-9-12 100328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-01 13:28 119608 ----a-w- c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-12-25 11:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 11:53]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 11:29]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-28 18:50:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 16:50
.
Pre-Run: 9 directory(ies), 54.501.289.984 bytes free
Post-Run: 13 directory(ies), 54.583.021.568 bytes free
.
- - End Of File - - 896F9D5E4FBFB49478CE182AFB3D22C8
Code:
Farbar Service Scanner Version: 25-06-2012 01
Ran by Sabrina Pech (administrator) on 28-06-2012 at 19:01:26
Running from "C:\Users\Sabrina Pech\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
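As an added example (not ComboFix or FRST code and not part of the thread), a scan for the on-disk layout that the Fixlog and the ComboFix "Other Deletions" section above removed: a GUID-named directory under `Windows\Installer` holding an `@` file and a `U` subfolder of eight-hex-digit `.@` files, paired with a directory of the same GUID under the user's `AppData\Local`. The sample tree is constructed inline from the paths in the log and deliberately includes a benign GUID directory, because `Windows\Installer` legitimately contains GUID-named folders (the MSI cache) and it is the `@` files, not the GUID name, that mark the infection. The scan reports only filesystem evidence; the hashes of the `.@` files themselves are not on this page and are not checked.

```python
"""Scan for the ZeroAccess/Sirefef directory layout seen in the log above.
Added example, not ComboFix or FRST code; the tree it scans is constructed
in build_sample_tree() from the paths the log lists."""
import os
import re
import shutil
import tempfile

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
AT_FILE = re.compile(r"^[0-9a-f]{8}\.@$", re.I)     # U\00000001.@, U\80000000.@ ...


def installer_findings(windows_root):
    """GUID directories under Windows\\Installer that hold an '@' file or
    U\\xxxxxxxx.@ files. A GUID directory alone is normal (MSI cache)."""
    found = []
    base = os.path.join(windows_root, "Installer")
    if not os.path.isdir(base):
        return found
    for name in os.listdir(base):
        d = os.path.join(base, name)
        if not (os.path.isdir(d) and GUID_DIR.match(name)):
            continue
        hits = []
        if os.path.isfile(os.path.join(d, "@")):
            hits.append(os.path.join(d, "@"))
        u = os.path.join(d, "U")
        if os.path.isdir(u):
            hits += [os.path.join(u, f) for f in os.listdir(u) if AT_FILE.match(f)]
        if hits:
            found.append({"dir": d, "guid": name.lower(), "files": sorted(hits)})
    return found


def appdata_findings(users_root, guids):
    """Directories under <user>\\AppData\\Local named with a GUID that was
    already found under Windows\\Installer (the pair the FRST fix lists)."""
    found = []
    if not os.path.isdir(users_root):
        return found
    for user in os.listdir(users_root):
        local = os.path.join(users_root, user, "AppData", "Local")
        if not os.path.isdir(local):
            continue
        for name in os.listdir(local):
            if GUID_DIR.match(name) and name.lower() in guids:
                found.append(os.path.join(local, name))
    return sorted(found)


def scan(system_drive):
    """Run both checks against an (offline) system drive root."""
    installer = installer_findings(os.path.join(system_drive, "Windows"))
    guids = {f["guid"] for f in installer}
    return {"installer": installer,
            "appdata": appdata_findings(os.path.join(system_drive, "Users"), guids)}


def build_sample_tree(root):
    """Constructed sample reproducing the paths from the log, plus one benign
    GUID directory with an ordinary file that must not be reported."""
    g = "{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}"
    bad = os.path.join(root, "Windows", "Installer", g)
    os.makedirs(os.path.join(bad, "U"))
    for rel in ("@", os.path.join("U", "00000001.@"),
                os.path.join("U", "80000000.@"), os.path.join("U", "800000cb.@")):
        with open(os.path.join(bad, rel), "wb") as f:
            f.write(b"constructed placeholder")
    benign = os.path.join(root, "Windows", "Installer",
                          "{11111111-2222-3333-4444-555555555555}")   # hypothetical MSI cache dir
    os.makedirs(benign)
    with open(os.path.join(benign, "icon.exe"), "wb") as f:
        f.write(b"constructed placeholder")
    os.makedirs(os.path.join(root, "Users", "Sabrina Pech", "AppData", "Local", g))
    return root


def run_demo():
    """Build the sample tree, scan it, return the findings."""
    tmp = tempfile.mkdtemp()
    try:
        return scan(build_sample_tree(tmp))
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    result = run_demo()
    for f in result["installer"]:
        print(f["dir"])
        for p in f["files"]:
            print("   ", p)
    for p in result["appdata"]:
        print(p)
```

Run it against a drive mounted from a recovery environment, as the FRST fix was: the Fixlog shows the two directories being moved while the system was offline (`Ran by SYSTEM`, `Running from E:\`). Post #15 below then shows the same `.@` files flagged a second time inside `C:\Qoobox\Quarantine` and `C:\FRST\Quarantine`, the copies the tools moved aside, so a whole-drive walk with this scanner would report those too and they should be read as quarantine, not as a live infection.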
#14
/// Malwareteam | TR/small.Fi Looks pretty good - let's check everything once more! Step 1: MBAM full scan. Please download Malwarebytes
Step 2: ESET. ESET Online Scanner
#15
TR/small.Fi And here are the two log files. MBAM Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sabrina Pech :: SABRINAPECH-PC [Administrator]

Protection: Disabled

29.06.2012 10:23:22
mbam-log-2012-06-29 (10-23-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296231
Time elapsed: 1 hour(s), 43 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Qoobox\Quarantine\C\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{7a1f4d6b-74d1-a62f-b0c6-a8eaefe2fe2b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

ESET Code:
C:\Users\Sabrina Pech\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46bd016e-170d97e2 probably a variant of Java/Exploit.CVE-2012-0507.CD trojan