Pests of all kinds and how to fight them: Trojan horse TR/Crypt.zpack.gen2 found. No Internet! Windows 7
03.03.2012, 23:45 | #16
Trojan horse TR/Crypt.zpack.gen2 found. No Internet! Here is frst.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 01-03-2012
Ran by SYSTEM at 03-03-2012 23:33:36
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1130504 2009-06-01] (Dritek System Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [707104 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-03-29] (Avira GmbH)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Acer\...\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe -autorun [2033488 2011-05-24] (Comfort Software Group)
HKU\Acer\...\Policies\system: [LogonHoursAction] 2
HKU\Acer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

================================ Services (Whitelisted) ==================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-30] (Avira GmbH)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-24] (Avira GmbH)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-08-05] (Acer Incorporated)
2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
2 Update-Service; C:\Windows\System32\UpdSvc.dll [114000 2011-11-11] (Joosoft.com GmbH)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-07-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-07-24] (Avira GmbH)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21000 2009-03-25] (Dritek System Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
3 catchme; \??\C:\Users\Acer\AppData\Local\Temp\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-02 12:42 - 2012-03-02 12:43 - 0000000 ____D C:\Avenger
2012-03-02 12:42 - 2012-03-02 12:42 - 0001298 ____A C:\avenger.txt
2012-03-02 12:36 - 2012-03-02 12:37 - 0731136 ____A C:\Users\Acer\Desktop\avenger.exe
2012-03-01 07:31 - 2012-03-01 07:31 - 0010851 ____A C:\ComboFix.txt
2012-03-01 07:25 - 2012-03-01 07:25 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-01 07:03 - 2012-03-01 07:32 - 0000000 ____D C:\ComboFix
2012-03-01 06:58 - 2012-03-01 06:58 - 4423209 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2012-02-28 15:07 - 2012-02-28 15:07 - 0302592 ____A C:\Users\Acer\Desktop\r8z3xleh.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-27 16:57 - 2012-02-27 16:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 16:57 - 2012-02-27 16:57 - 1798656 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 16:57 - 2012-02-27 16:57 - 12282368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-27 16:57 - 2012-02-27 16:57 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-27 16:57 - 2012-02-27 16:57 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-27 16:57 - 2012-02-27 16:57 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-27 16:30 - 2012-02-27 16:30 - 0001629 ____A C:\Windows\System32\FSS.txt
2012-02-27 15:59 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-27 15:59 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-27 15:59 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-27 15:59 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-27 15:59 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-27 15:59 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-27 15:59 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-27 15:59 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-27 15:55 - 2012-02-27 15:55 - 0337133 ____A C:\Users\Acer\Downloads\FSS.exe
2012-02-27 15:49 - 2012-02-27 15:50 - 4420957 ____A (Swearware) C:\Users\Acer\Downloads\ComboFix.exe
2012-02-27 13:23 - 2012-02-28 15:57 - 0004900 ____A C:\Users\Acer\Desktop\gmer.txt
2012-02-27 09:06 - 2012-02-27 09:06 - 0144960 ____A C:\Windows\Minidump\022712-17643-01.dmp
2012-02-27 09:06 - 2012-02-27 09:06 - 0000000 ____D C:\Windows\Minidump
2012-02-27 09:05 - 2012-02-27 09:05 - 326712483 ____A C:\Windows\MEMORY.DMP
2012-02-27 08:29 - 2012-02-27 08:29 - 0302592 ____A C:\Users\Acer\Downloads\g20q7onb.exe
2012-02-26 16:04 - 2012-02-26 16:04 - 0005885 ____A C:\Users\Acer\Desktop\Attach.txt
2012-02-26 16:00 - 2012-02-26 16:00 - 0012813 ____A C:\Users\Acer\Desktop\DDS.txt
2012-02-26 15:50 - 2012-02-26 15:50 - 0000000 ____A C:\Users\Acer\defogger_reenable
2012-02-26 15:47 - 2012-02-26 15:47 - 0302592 ____A C:\Users\Acer\Downloads\hk4txtc9.exe
2012-02-26 15:43 - 2012-02-26 15:43 - 0607260 ____R (Swearware) C:\Users\Acer\Downloads\dds.com
2012-02-26 15:41 - 2012-02-26 15:41 - 0050477 ____A C:\Users\Acer\Downloads\Defogger.exe
2012-02-26 15:31 - 2012-02-26 15:31 - 0004008 ____A C:\Users\Acer\Desktop\Ereignisse2.txt
2012-02-26 15:30 - 2012-02-26 15:30 - 0008624 ____A C:\Users\Acer\Desktop\Ereignisse.txt
2012-02-19 09:26 - 2012-02-19 09:26 - 0553863 ____A C:\Users\Acer\Downloads\2011_06_29_SkinEdit_alpha3_pre7_fix.zip
2012-02-19 06:39 - 2012-02-19 06:42 - 24554628 ____A C:\Users\Acer\Downloads\GammlerPlay.zip
2012-02-18 16:03 - 2012-02-18 16:05 - 0000022 ____A C:\Users\Acer\Downloads\Star Wars Skin Pack V4.zip
2012-02-18 15:26 - 2012-02-18 15:41 - 14513553 ____A C:\Users\Acer\Downloads\DokuCraft - The Saga Continues 1.2.zip
2012-02-18 15:18 - 2012-02-18 15:18 - 4389435 ____A C:\Users\Acer\Downloads\DokuCraft_218326.zip
2012-02-18 14:20 - 2012-02-21 11:08 - 0000426 ____A C:\Users\Acer\Desktop\settings.xml
2012-02-18 10:53 - 2012-02-18 11:17 - 0000417 ____A C:\Windows\System32\settings.xml
2012-02-18 04:38 - 2012-02-18 04:38 - 0000000 ____D C:\Windows\Sun
2012-02-18 04:02 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-18 04:01 - 2012-02-18 04:01 - 0000681 ____A C:\Users\Acer\Desktop\Minecraft.exe - Verknüpfung.lnk
2012-02-18 04:01 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-18 04:01 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-18 04:01 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-18 04:00 - 2012-01-13 19:35 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-18 03:39 - 2012-02-18 03:39 - 0510657 ____A C:\Users\Acer\Downloads\MCSkinEdit_a3_pre5.zip
2012-02-11 08:58 - 2012-02-26 12:49 - 0000000 ___RD C:\Users\Acer\Desktop\let's play's svenweisven
2012-02-11 07:10 - 2012-02-11 07:10 - 0000000 ____D C:\Users\Acer\AppData\Local\{E09BE6F8-59E7-489F-B41E-CCB4F4175006}
2012-02-11 07:10 - 2012-02-11 07:10 - 0000000 ____D C:\Users\Acer\AppData\Local\{11BC444D-7AF9-43B6-B0AF-BF4BC8FF9787}
2012-02-11 03:09 - 2012-02-11 03:10 - 0270142 ____A C:\Users\Acer\Downloads\Minecraft.exe
2012-02-07 11:30 - 2012-02-07 11:30 - 0000000 ____D C:\Program Files\AC3Filter
2012-02-07 11:30 - 2009-08-11 12:18 - 0497664 ____A C:\Windows\System32\ac3filter.acm

============ 3 Months Modified Files and Folders ===============

2012-03-03 23:33 - 2012-03-03 23:33 - 0000000 ____D C:\FRST
2012-03-03 14:24 - 2009-07-13 20:34 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-03 14:24 - 2009-07-13 20:34 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-03 14:21 - 2009-09-16 10:36 - 797396992 __ASH C:\hiberfil.sys
2012-03-03 14:21 - 2009-08-14 01:26 - 0845514 ____A C:\Windows\PFRO.log
2012-03-03 14:21 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-03 14:21 - 2009-07-13 20:39 - 0057650 ____A C:\Windows\setupact.log
2012-03-03 14:12 - 2009-09-16 10:39 - 1797165 ____A C:\Windows\WindowsUpdate.log
2012-03-03 14:11 - 2009-08-14 00:37 - 1498506 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-02 12:43 - 2012-03-02 12:42 - 0000000 ____D C:\Avenger
2012-03-02 12:42 - 2012-03-02 12:42 - 0001298 ____A C:\avenger.txt
2012-03-02 12:37 - 2012-03-02 12:36 - 0731136 ____A C:\Users\Acer\Desktop\avenger.exe
2012-03-01 07:32 - 2012-03-01 07:03 - 0000000 ____D C:\ComboFix
2012-03-01 07:32 - 2012-01-06 11:00 - 0000000 ____D C:\Qoobox
2012-03-01 07:31 - 2012-03-01 07:31 - 0010851 ____A C:\ComboFix.txt
2012-03-01 07:25 - 2012-03-01 07:25 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-01 07:25 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-03-01 07:25 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-01 07:23 - 2012-01-06 11:00 - 0000000 ____D C:\Windows\ERDNT
2012-03-01 06:58 - 2012-03-01 06:58 - 4423209 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2012-02-28 15:57 - 2012-02-27 13:23 - 0004900 ____A C:\Users\Acer\Desktop\gmer.txt
2012-02-28 15:07 - 2012-02-28 15:07 - 0302592 ____A C:\Users\Acer\Desktop\r8z3xleh.exe
2012-02-28 04:32 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2012-02-28 02:18 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-28 01:32 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-02-27 16:59 - 2011-10-11 06:42 - 0021282 ____A C:\Windows\IE9_main.log
2012-02-27 16:57 - 2012-02-27 16:57 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-27 16:57 - 2012-02-27 16:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 16:57 - 2012-02-27 16:57 - 1798656 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 16:57 - 2012-02-27 16:57 - 12282368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-27 16:57 - 2012-02-27 16:57 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-27 16:57 - 2012-02-27 16:57 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-27 16:57 - 2012-02-27 16:57 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-27 16:57 - 2012-02-27 16:57 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-27 16:57 - 2012-02-27 16:57 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-27 16:30 - 2012-02-27 16:30 - 0001629 ____A C:\Windows\System32\FSS.txt
2012-02-27 15:55 - 2012-02-27 15:55 - 0337133 ____A C:\Users\Acer\Downloads\FSS.exe
2012-02-27 15:50 - 2012-02-27 15:49 - 4420957 ____A (Swearware) C:\Users\Acer\Downloads\ComboFix.exe
2012-02-27 14:13 - 2012-01-07 02:19 - 0000000 ____D C:\Users\Acer\AppData\Local\ElevatedDiagnostics
2012-02-27 09:06 - 2012-02-27 09:06 - 0144960 ____A C:\Windows\Minidump\022712-17643-01.dmp
2012-02-27 09:06 - 2012-02-27 09:06 - 0000000 ____D C:\Windows\Minidump
2012-02-27 09:05 - 2012-02-27 09:05 - 326712483 ____A C:\Windows\MEMORY.DMP
2012-02-27 08:29 - 2012-02-27 08:29 - 0302592 ____A C:\Users\Acer\Downloads\g20q7onb.exe
2012-02-26 16:04 - 2012-02-26 16:04 - 0005885 ____A C:\Users\Acer\Desktop\Attach.txt
2012-02-26 16:00 - 2012-02-26 16:00 - 0012813 ____A C:\Users\Acer\Desktop\DDS.txt
2012-02-26 15:50 - 2012-02-26 15:50 - 0000000 ____A C:\Users\Acer\defogger_reenable
2012-02-26 15:50 - 2011-02-26 21:18 - 0000000 ____D C:\Program Files\Safari
2012-02-26 15:50 - 2011-02-22 14:44 - 0000000 ____D C:\users\Acer
2012-02-26 15:47 - 2012-02-26 15:47 - 0302592 ____A C:\Users\Acer\Downloads\hk4txtc9.exe
2012-02-26 15:43 - 2012-02-26 15:43 - 0607260 ____R (Swearware) C:\Users\Acer\Downloads\dds.com
2012-02-26 15:41 - 2012-02-26 15:41 - 0050477 ____A C:\Users\Acer\Downloads\Defogger.exe
2012-02-26 15:31 - 2012-02-26 15:31 - 0004008 ____A C:\Users\Acer\Desktop\Ereignisse2.txt
2012-02-26 15:30 - 2012-02-26 15:30 - 0008624 ____A C:\Users\Acer\Desktop\Ereignisse.txt
2012-02-26 15:16 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-26 15:14 - 2012-01-21 05:38 - 0000000 ____D C:\Program Files\Freeware.de
2012-02-26 15:14 - 2012-01-10 15:17 - 0000000 ___RD C:\Users\Acer\Desktop\SHL
2012-02-26 15:14 - 2011-09-25 07:17 - 0000000 ____D C:\Users\Acer\AppData\Local\Conduit
2012-02-26 15:14 - 2011-09-25 07:17 - 0000000 ____D C:\Program Files\Yontoo Layers Runtime
2012-02-26 15:14 - 2011-08-16 01:57 - 0000000 ____D C:\users\Gast
2012-02-26 15:14 - 2011-02-22 14:44 - 0000000 ____D C:\Users\Acer\AppData\LocalLow
2012-02-26 15:14 - 2009-08-14 01:28 - 0000000 ____D C:\Users\All Users\Symantec
2012-02-26 15:14 - 2009-08-14 01:28 - 0000000 ____D C:\ProgramData\Symantec
2012-02-26 15:14 - 2009-08-14 01:04 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 __RSD C:\Windows\Media
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2012-02-26 15:14 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-02-26 15:13 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2012-02-26 15:11 - 2011-12-30 02:46 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-26 15:11 - 2011-09-23 12:39 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2012-02-26 15:11 - 2009-08-14 00:56 - 0000000 ____D C:\Program Files\Microsoft Works
2012-02-26 12:49 - 2012-02-11 08:58 - 0000000 ___RD C:\Users\Acer\Desktop\let's play's svenweisven
2012-02-26 12:49 - 2011-12-08 11:56 - 0000000 ___RD C:\Users\Acer\Desktop\Sender
2012-02-26 12:49 - 2011-04-11 21:49 - 0000000 ___RD C:\Users\Acer\Desktop\star wars the clone wars
2012-02-21 11:08 - 2012-02-18 14:20 - 0000426 ____A C:\Users\Acer\Desktop\settings.xml
2012-02-19 09:26 - 2012-02-19 09:26 - 0553863 ____A C:\Users\Acer\Downloads\2011_06_29_SkinEdit_alpha3_pre7_fix.zip
2012-02-19 07:41 - 2011-12-07 07:40 - 0000000 ____D C:\Users\Acer\AppData\Roaming\.minecraft
2012-02-19 06:42 - 2012-02-19 06:39 - 24554628 ____A C:\Users\Acer\Downloads\GammlerPlay.zip
2012-02-19 00:05 - 2011-12-14 10:21 - 0000000 ____D C:\Users\Acer\Documents\FILSHtray
2012-02-19 00:03 - 2011-02-22 14:45 - 0000174 ___SH C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-18 18:37 - 2009-07-13 20:33 - 0302320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-18 18:15 - 2011-02-22 15:33 - 52550552 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-18 16:05 - 2012-02-18 16:03 - 0000022 ____A C:\Users\Acer\Downloads\Star Wars Skin Pack V4.zip
2012-02-18 15:41 - 2012-02-18 15:26 - 14513553 ____A C:\Users\Acer\Downloads\DokuCraft - The Saga Continues 1.2.zip
2012-02-18 15:18 - 2012-02-18 15:18 - 4389435 ____A C:\Users\Acer\Downloads\DokuCraft_218326.zip
2012-02-18 14:19 - 2010-06-03 12:19 - 0155762 ____A C:\Users\Acer\Desktop\MCSkinEdit.jar
2012-02-18 11:17 - 2012-02-18 10:53 - 0000417 ____A C:\Windows\System32\settings.xml
2012-02-18 04:38 - 2012-02-18 04:38 - 0000000 ____D C:\Windows\Sun
2012-02-18 04:01 - 2012-02-18 04:01 - 0000681 ____A C:\Users\Acer\Desktop\Minecraft.exe - Verknüpfung.lnk
2012-02-18 03:39 - 2012-02-18 03:39 - 0510657 ____A C:\Users\Acer\Downloads\MCSkinEdit_a3_pre5.zip
2012-02-11 07:11 - 2011-10-15 01:54 - 0000000 ____D C:\Users\Acer\AppData\Local\Windows Live
2012-02-11 07:10 - 2012-02-11 07:10 - 0000000 ____D C:\Users\Acer\AppData\Local\{E09BE6F8-59E7-489F-B41E-CCB4F4175006}
2012-02-11 07:10 - 2012-02-11 07:10 - 0000000 ____D C:\Users\Acer\AppData\Local\{11BC444D-7AF9-43B6-B0AF-BF4BC8FF9787}
2012-02-11 03:10 - 2012-02-11 03:09 - 0270142 ____A C:\Users\Acer\Downloads\Minecraft.exe
2012-02-07 14:36 - 2009-08-14 00:54 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-07 14:36 - 2009-08-14 00:54 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-07 13:38 - 2011-12-30 02:46 - 0001075 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-02-07 11:30 - 2012-02-07 11:30 - 0000000 ____D C:\Program Files\AC3Filter
2012-02-06 11:12 - 2011-09-08 10:45 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-05 05:46 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\System32\GroupPolicyUsers
2012-02-04 00:30 - 2012-01-30 05:57 - 0000000 ____D C:\Users\Acer\Documents\Stronghold Legends
2012-01-30 05:57 - 2012-01-30 05:57 - 0000000 ____D C:\Users\All Users\Firefly Studios
2012-01-30 05:57 - 2012-01-30 05:57 - 0000000 ____D C:\ProgramData\Firefly Studios
2012-01-30 05:53 - 2011-08-27 06:10 - 0233989 ____A C:\Windows\DirectX.log
2012-01-30 05:51 - 2012-01-30 05:51 - 0001972 ____A C:\Users\Public\Desktop\Stronghold Legends.lnk
2012-01-30 05:44 - 2012-01-30 05:44 - 0000000 ____D C:\Program Files\Firefly Studios
2012-01-30 05:44 - 2009-08-14 00:34 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-01-24 08:35 - 2012-01-24 08:35 - 0212992 ____A (Works Ltd.) C:\Windows\System32\aptw2s8pj.dll
2012-01-21 05:39 - 2012-01-21 05:39 - 0000941 ____A C:\Users\Public\Desktop\vipstegano.lnk
2012-01-21 05:39 - 2012-01-21 05:39 - 0000000 ____D C:\Program Files\vipstegano
2012-01-21 05:38 - 2012-01-21 05:38 - 0560470 ____A C:\Users\Acer\Documents\vipstegano.zip
2012-01-21 05:38 - 2012-01-21 05:38 - 0000000 ____D C:\Program Files\Conduit
2012-01-21 05:36 - 2012-01-21 05:36 - 0512000 ____A (www.download-sponsor.de) C:\Users\Acer\Downloads\Downloader-fuer-vipstegano.exe
2012-01-21 04:36 - 2011-12-14 10:21 - 0000000 ____D C:\Program Files\FILSHtray
2012-01-13 19:35 - 2012-02-18 04:00 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 10:25 - 2012-01-12 10:19 - 0001278 ____A C:\Users\Acer\Desktop\easyshare.exe - Verknüpfung.lnk
2012-01-11 05:25 - 2012-01-11 05:25 - 0000000 ____D C:\Users\Acer\Downloads\hosts
2012-01-11 05:25 - 2012-01-11 05:24 - 0149201 ____A C:\Users\Acer\Downloads\hosts.zip
2012-01-10 14:42 - 2012-01-10 14:42 - 0264192 ____A C:\Users\Acer\Documents\Direkte Rede.doc
2012-01-10 14:35 - 2012-01-10 14:35 - 0000000 ____D C:\Program Files\devolo
2012-01-10 12:28 - 2011-02-22 14:45 - 0067856 ____A C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-10 06:57 - 2011-02-26 21:19 - 0100216 ___AH C:\Windows\System32\mlfcache.dat
2012-01-10 06:51 - 2011-09-23 12:39 - 0000000 ___RD C:\Program Files\Skype
2012-01-10 06:39 - 2011-08-27 06:12 - 0098304 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
2012-01-10 05:35 - 2011-02-22 14:45 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Macromedia
2012-01-09 15:05 - 2012-01-05 14:55 - 0026286 ____A C:\Users\Acer\Downloads\Extras.Txt
2012-01-09 15:04 - 2012-01-05 14:54 - 0104106 ____A C:\Users\Acer\Downloads\OTL.Txt
2012-01-09 14:03 - 2012-01-09 14:03 - 0584192 ____A (OldTimer Tools) C:\Users\Acer\Downloads\OTL-1.exe
2012-01-09 08:52 - 2012-01-09 08:52 - 2322184 ____A (ESET) C:\Users\Acer\Downloads\esetsmartinstaller_deu.exe
2012-01-09 07:41 - 2009-08-14 01:14 - 0000000 ____D C:\Program Files\Google
2012-01-09 07:07 - 2009-08-14 00:54 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-09 06:58 - 2012-01-09 06:58 - 18690352 ____A (Microsoft Corporation) C:\Users\Acer\Downloads\IE9-Windows7-x86-deu.exe
2012-01-09 06:46 - 2011-02-22 16:43 - 0000000 ____D C:\Users\Acer\AppData\Local\Google
2012-01-09 06:46 - 2009-08-14 01:14 - 0000000 ____D C:\Users\All Users\Google
2012-01-09 06:46 - 2009-08-14 01:14 - 0000000 ____D C:\ProgramData\Google
2012-01-09 06:08 - 2012-01-06 15:03 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-09 06:04 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-01-08 07:13 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-01-07 13:38 - 2012-01-07 12:26 - 0003917 ____A C:\ipconfig.txt
2012-01-07 01:50 - 2012-01-07 01:49 - 0000000 ____D C:\Users\All Users\SUPERSetup
2012-01-07 01:50 - 2012-01-07 01:49 - 0000000 ____D C:\ProgramData\SUPERSetup
2012-01-06 15:05 - 2012-01-06 15:05 - 0000000 ____D C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com
2012-01-06 15:03 - 2012-01-06 15:03 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-06 15:03 - 2012-01-06 15:03 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-06 10:50 - 2012-01-06 10:37 - 0064960 ____A C:\TDSSKiller.2.5.5.0_06.01.2012_19.37.46_log.txt
2012-01-06 10:37 - 2012-01-06 10:29 - 0064960 ____A C:\TDSSKiller.2.5.5.0_06.01.2012_19.29.26_log.txt
2012-01-06 05:39 - 2012-01-06 05:39 - 0000000 ____D C:\_OTL
2012-01-05 14:56 - 2012-01-05 14:56 - 0103440 ____A C:\Users\Acer\Downloads\OTL2012-01-05.Txt
2012-01-05 14:00 - 2012-01-05 14:00 - 0584192 ____A (OldTimer Tools) C:\Users\Acer\Downloads\OTL.exe
2012-01-05 05:21 - 2012-01-05 05:21 - 0000000 ____D C:\Program Files\ESET
2012-01-05 05:21 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-04 00:59 - 2012-02-18 04:01 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 00:58 - 2012-02-18 04:01 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2011-12-30 04:19 - 2011-12-30 04:19 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Avira
2011-12-30 02:47 - 2011-12-30 02:47 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2011-12-30 02:46 - 2011-12-30 02:46 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-30 02:46 - 2011-12-30 02:46 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-29 21:27 - 2012-02-18 04:02 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-27 09:14 - 2011-12-27 09:14 - 0000000 ____D C:\Users\Acer\AppData\Local\{115E1736-518B-4589-B5B5-F709AA32BC06}
2011-12-27 09:14 - 2011-12-27 09:14 - 0000000 ____D C:\Users\Acer\AppData\Local\{0F565D71-DE68-4225-83FB-B4D36303A680}
2011-12-24 05:02 - 2011-12-24 05:02 - 0000000 ____D C:\Users\Acer\AppData\Local\{FAA63628-9185-4ACE-A674-E50A3E857458}
2011-12-24 05:02 - 2011-12-24 05:01 - 0000000 ____D C:\Users\Acer\AppData\Local\{72DE4261-EA77-42B3-87C2-8DF7F7D32AD8}
2011-12-24 05:00 - 2011-12-24 05:00 - 0001045 ____A C:\Users\Acer\Desktop\Bilder.lnk
2011-12-21 08:31 - 2011-12-21 08:31 - 0000680 _RASH C:\Users\Acer\ntuser.pol
2011-12-21 08:31 - 2009-07-13 18:37 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-12-21 08:15 - 2011-12-21 08:15 - 0000000 ____D C:\Users\Gast\Documents\FILSHtray
2011-12-21 08:15 - 2011-12-21 08:15 - 0000000 ____D C:\Users\Gast\AppData\Local\FILSH_Media_GmbH
2011-12-21 08:15 - 2011-08-16 01:57 - 0000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2011-12-21 08:14 - 2011-08-16 01:58 - 0068352 ____A C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-21 08:05 - 2011-09-08 10:43 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Sony
2011-12-21 08:04 - 2011-09-08 10:46 - 0001859 ____A C:\Users\Public\Desktop\Media Go.lnk
2011-12-21 08:03 - 2011-09-08 10:46 - 0000000 ____D C:\Program Files\Common Files\Sony Shared
2011-12-21 08:01 - 2011-09-08 10:46 - 0000000 ____D C:\Users\Acer\AppData\Local\Downloaded Installations
2011-12-21 08:00 - 2011-12-21 07:52 - 0000000 ____D C:\Program Files\Sony Media Go Install
2011-12-21 08:00 - 2011-09-08 10:45 - 0000000 ____D C:\Program Files\Sony
2011-12-21 07:50 - 2011-12-21 07:44 - 94445720 ____A (Sony Creative Software Inc.) C:\Users\Acer\Downloads\mediago_setup.exe
2011-12-21 07:41 - 2011-09-08 10:50 - 0000000 ____D C:\Users\Acer\AppData\Local\Sony
2011-12-21 07:41 - 2011-09-08 10:45 - 0000000 ____D C:\Users\All Users\Sony Corporation
2011-12-21 07:41 - 2011-09-08 10:45 - 0000000 ____D C:\ProgramData\Sony Corporation
2011-12-18 10:40 - 2011-12-18 10:30 - 0000000 ____D C:\Users\Acer\Documents\Invizimals startvideo
2011-12-18 10:32 - 2011-12-18 10:32 - 0000000 ____D C:\Users\Acer\AppData\Local\{09BDA3BB-AABA-4CBB-9FBE-DC3733D68621}
2011-12-18 10:32 - 2011-12-18 10:31 - 0000000 ____D C:\Users\Acer\AppData\Local\{5CF51BF5-D3A5-42EA-B2AE-B664282FE9F6}
2011-12-15 23:52 - 2012-02-18 04:01 - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-14 12:45 - 2011-12-14 12:45 - 0000000 ____D C:\Users\Acer\AppData\Local\{38E3FD9E-18AC-4BD7-AD71-F06A21880B91}
2011-12-14 12:45 - 2011-12-14 12:44 - 0000000 ____D C:\Users\Acer\AppData\Local\{602FBEA2-3F58-4E66-9A09-EFBA9F9B7134}
2011-12-14 10:21 - 2011-12-14 10:21 - 0000000 ____D C:\Users\Acer\AppData\Local\FILSH_Media_GmbH
2011-12-14 10:19 - 2011-12-14 10:19 - 5135327 ____A (FILSH Media GmbH ) C:\Users\Acer\Documents\filsh-setup-0.7.exe
2011-12-14 04:41 - 2011-12-14 04:41 - 0000000 ____D C:\Users\Acer\AppData\Local\{EDFEB785-2DCC-4FA7-A040-80E1145A37B1} 2011-12-10 13:55 - 2011-12-10 13:55 - 0706899 ____A C:\Users\Acer\Downloads\Invizimals_Wallpaper_1024_768_de_CH.zip 2011-12-10 06:24 - 2011-12-30 02:46 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2011-12-07 07:40 - 2011-12-07 07:40 - 0000000 ____D C:\Users\All Users\Sun 2011-12-07 07:40 - 2011-12-07 07:40 - 0000000 ____D C:\ProgramData\Sun 2011-12-07 07:40 - 2011-12-07 07:40 - 0000000 ____D C:\Program Files\Common Files\Java 2011-12-07 07:39 - 2011-12-07 07:39 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll 2011-12-07 07:39 - 2011-12-07 07:39 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2011-12-07 07:39 - 2011-12-07 07:39 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe 2011-12-07 07:39 - 2011-12-07 07:39 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2011-12-07 07:39 - 2011-12-07 07:39 - 0000000 ____D C:\Program Files\Java ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 37% Total physical RAM: 1013.95 MB Available physical RAM: 637.18 MB Total Pagefile: 1013.95 MB Available Pagefile: 640.69 MB Total Virtual: 2047.88 MB Available Virtual: 1970.31 MB ======================= Partitions ========================= 1 Drive c: (Acer) (Fixed) (Total:135.05 GB) (Free:66.33 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:6.01 GB) NTFS ==>[System with boot 
components (obtained from reading drive)] 3 Drive f: (USB FILME) (Removable) (Total:14.91 GB) (Free:4.34 GB) NTFS 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:1.99 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 149 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 12 GB 31 KB Partition 2 Primary 2039 MB 12 GB Partition 3 Primary 135 GB 13 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E PQSERVICE NTFS Partition 12 GB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 Y SYSTEM RESE NTFS Partition 2039 MB Healthy ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C Acer NTFS Partition 135 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 4032 KB ====================================================================================================== 
Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F USB FILME NTFS Removable 14 GB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-02-18 19:07 ======================= End Of Log ========================== |
04.03.2012, 12:02 | #17 |
Malwareteam | Trojan horse TR/Crypt.zpack.gen2 found. No Internet!
Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
|
04.03.2012, 15:48 | #18 |
| Trojan horse TR/Crypt.zpack.gen2 found. No Internet!
Hello, here is aswmbr.txt:
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-04 15:10:35
-----------------------------
15:10:35.509 OS Version: Windows 6.1.7601 Service Pack 1
15:10:35.509 Number of processors: 2 586 0x1C02
15:10:35.524 ComputerName: ACER-PC UserName: Acer
15:11:24.768 Initialize success
15:13:03.766 AVAST engine defs: 12030400
15:17:33.633 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:17:33.648 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
15:17:33.695 Disk 0 MBR read successfully
15:17:33.711 Disk 0 MBR scan
15:17:33.742 Disk 0 Windows 7 default MBR code
15:17:33.742 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
15:17:33.773 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 2039 MB offset 25173855
15:17:33.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 138293 MB offset 29350755
15:17:33.804 Disk 0 scanning sectors +312576705
15:17:33.913 Disk 0 scanning C:\Windows\system32\drivers
15:17:53.602 Service scanning
15:18:31.293 Modules scanning
15:18:44.368 Disk 0 trace - called modules:
15:18:44.415 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:18:44.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85152030]
15:18:44.446 3 CLASSPNP.SYS[87b7f59e] -> nt!IofCallDriver -> [0x8476c8e0]
15:18:44.462 5 ACPI.sys[872363d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84713028]
15:18:45.975 AVAST engine scan C:\Windows
15:18:51.747 AVAST engine scan C:\Windows\system32
15:23:59.042 AVAST engine scan C:\Windows\system32\drivers
15:24:22.208 AVAST engine scan C:\Users\Acer
15:35:15.811 AVAST engine scan C:\ProgramData
15:35:48.087 Scan finished successfully
15:40:49.511 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Desktop\MBR.dat"
15:40:49.620 The log file has been saved successfully to "C:\Users\Acer\Desktop\aswMBR.txt"
Code:
15:42:06.0415 2280 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
15:42:06.0914 2280 ============================================================
15:42:06.0914 2280 Current date / time: 2012/03/04 15:42:06.0914
15:42:06.0914 2280 SystemInfo:
15:42:06.0914 2280
15:42:06.0914 2280 OS Version: 6.1.7601 ServicePack: 1.0
15:42:06.0914 2280 Product type: Workstation
15:42:06.0930 2280 ComputerName: ACER-PC
15:42:06.0930 2280 UserName: Acer
15:42:06.0930 2280 Windows directory: C:\Windows
15:42:06.0930 2280 System windows directory: C:\Windows
15:42:06.0930 2280 Processor architecture: Intel x86
15:42:06.0930 2280 Number of processors: 2
15:42:06.0930 2280 Page size: 0x1000
15:42:06.0930 2280 Boot type: Normal boot
15:42:06.0930 2280 ============================================================
15:42:08.0053 2280 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:42:08.0069 2280 \Device\Harddisk0\DR0:
15:42:08.0069 2280 MBR used
15:42:08.0069 2280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x3FBC04
15:42:08.0069 2280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BFDB63, BlocksNum 0x10E1AF5E
15:42:08.0194 2280 Initialize success
15:42:08.0194 2280 ============================================================
15:42:13.0030 3192 ============================================================
15:42:13.0030 3192 Scan started
15:42:13.0030 3192 Mode: Manual;
15:42:13.0030 3192 ============================================================
15:42:25.0478 3192 RtsUIR - ok 15:42:25.0572 3192 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 15:42:25.0572 3192 sbp2port - ok 15:42:25.0634 3192 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 15:42:25.0634 3192 scfilter - ok 15:42:25.0712 3192 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:42:25.0712 3192 secdrv - ok 15:42:25.0775 3192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:42:25.0775 3192 Serenum - ok 15:42:25.0822 3192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:42:25.0822 3192 Serial - ok 15:42:25.0884 3192 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:42:25.0884 3192 sermouse - ok 15:42:25.0978 3192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 15:42:25.0978 3192 sffdisk - ok 15:42:26.0009 3192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 15:42:26.0009 3192 sffp_mmc - ok 15:42:26.0056 3192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 15:42:26.0056 3192 sffp_sd - ok 15:42:26.0087 3192 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:42:26.0087 3192 sfloppy - ok 15:42:26.0180 3192 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 15:42:26.0180 3192 sisagp - ok 15:42:26.0227 3192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:42:26.0227 3192 SiSRaid2 - ok 15:42:26.0258 3192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:42:26.0258 3192 SiSRaid4 - ok 15:42:26.0321 3192 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:42:26.0321 3192 Smb - ok 15:42:26.0368 3192 spldr (95cf1ae7527fb70f7816563cbc09d942) 
C:\Windows\system32\drivers\spldr.sys 15:42:26.0383 3192 spldr - ok 15:42:26.0461 3192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 15:42:26.0461 3192 srv - ok 15:42:26.0508 3192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 15:42:26.0524 3192 srv2 - ok 15:42:26.0555 3192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 15:42:26.0555 3192 srvnet - ok 15:42:26.0602 3192 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 15:42:26.0602 3192 ssmdrv - ok 15:42:26.0664 3192 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:42:26.0664 3192 stexstor - ok 15:42:26.0726 3192 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 15:42:26.0726 3192 swenum - ok 15:42:26.0820 3192 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys 15:42:26.0820 3192 SynTP - ok 15:42:26.0945 3192 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 15:42:26.0992 3192 Tcpip - ok 15:42:27.0070 3192 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 15:42:27.0085 3192 TCPIP6 - ok 15:42:27.0163 3192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 15:42:27.0163 3192 tcpipreg - ok 15:42:27.0226 3192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 15:42:27.0226 3192 TDPIPE - ok 15:42:27.0241 3192 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 15:42:27.0257 3192 TDTCP - ok 15:42:27.0319 3192 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 15:42:27.0319 3192 tdx - ok 15:42:27.0382 3192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 15:42:27.0382 3192 TermDD - ok 15:42:27.0475 3192 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:42:27.0491 
3192 tssecsrv - ok 15:42:27.0553 3192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 15:42:27.0553 3192 TsUsbFlt - ok 15:42:27.0631 3192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 15:42:27.0647 3192 tunnel - ok 15:42:27.0678 3192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:42:27.0678 3192 uagp35 - ok 15:42:27.0740 3192 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 15:42:27.0740 3192 udfs - ok 15:42:27.0818 3192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 15:42:27.0818 3192 uliagpkx - ok 15:42:27.0896 3192 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 15:42:27.0896 3192 umbus - ok 15:42:27.0928 3192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:42:27.0928 3192 UmPass - ok 15:42:28.0006 3192 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 15:42:28.0006 3192 USBAAPL - ok 15:42:28.0084 3192 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 15:42:28.0084 3192 usbaudio - ok 15:42:28.0146 3192 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 15:42:28.0146 3192 usbccgp - ok 15:42:28.0193 3192 USBCCID - ok 15:42:28.0255 3192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 15:42:28.0255 3192 usbcir - ok 15:42:28.0286 3192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 15:42:28.0302 3192 usbehci - ok 15:42:28.0364 3192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 15:42:28.0364 3192 usbhub - ok 15:42:28.0442 3192 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 15:42:28.0442 3192 usbohci - ok 15:42:28.0489 3192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) 
C:\Windows\system32\DRIVERS\usbprint.sys 15:42:28.0489 3192 usbprint - ok 15:42:28.0536 3192 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:42:28.0536 3192 USBSTOR - ok 15:42:28.0567 3192 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 15:42:28.0567 3192 usbuhci - ok 15:42:28.0614 3192 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys 15:42:28.0630 3192 usbvideo - ok 15:42:28.0708 3192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 15:42:28.0708 3192 vdrvroot - ok 15:42:28.0770 3192 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:42:28.0770 3192 vga - ok 15:42:28.0801 3192 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:42:28.0801 3192 VgaSave - ok 15:42:28.0848 3192 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 15:42:28.0848 3192 vhdmp - ok 15:42:28.0879 3192 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 15:42:28.0879 3192 viaagp - ok 15:42:28.0926 3192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:42:28.0926 3192 ViaC7 - ok 15:42:28.0957 3192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 15:42:28.0957 3192 viaide - ok 15:42:29.0004 3192 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 15:42:29.0020 3192 volmgr - ok 15:42:29.0051 3192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:42:29.0066 3192 volmgrx - ok 15:42:29.0113 3192 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 15:42:29.0129 3192 volsnap - ok 15:42:29.0176 3192 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:42:29.0176 3192 vsmraid - ok 15:42:29.0222 3192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) 
C:\Windows\system32\DRIVERS\vwifibus.sys 15:42:29.0238 3192 vwifibus - ok 15:42:29.0285 3192 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 15:42:29.0285 3192 vwififlt - ok 15:42:29.0332 3192 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:42:29.0332 3192 WacomPen - ok 15:42:29.0378 3192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 15:42:29.0378 3192 WANARP - ok 15:42:29.0394 3192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 15:42:29.0394 3192 Wanarpv6 - ok 15:42:29.0456 3192 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:42:29.0456 3192 Wd - ok 15:42:29.0503 3192 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:42:29.0519 3192 Wdf01000 - ok 15:42:29.0612 3192 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:42:29.0628 3192 WfpLwf - ok 15:42:29.0659 3192 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:42:29.0659 3192 WIMMount - ok 15:42:29.0815 3192 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 15:42:29.0815 3192 WinUsb - ok 15:42:29.0924 3192 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 15:42:29.0924 3192 WmiAcpi - ok 15:42:30.0018 3192 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:42:30.0018 3192 ws2ifsl - ok 15:42:30.0127 3192 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 15:42:30.0127 3192 WudfPf - ok 15:42:30.0190 3192 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:42:30.0190 3192 WUDFRd - ok 15:42:30.0268 3192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:42:30.0330 3192 \Device\Harddisk0\DR0 - ok 15:42:30.0346 3192 Boot (0x1200) 
(6005e54591185526d6606abffed89502) \Device\Harddisk0\DR0\Partition0
15:42:30.0361 3192 \Device\Harddisk0\DR0\Partition0 - ok
15:42:30.0377 3192 Boot (0x1200) (267810886754289918c0711d7e9c623b) \Device\Harddisk0\DR0\Partition1
15:42:30.0377 3192 \Device\Harddisk0\DR0\Partition1 - ok
15:42:30.0377 3192 ============================================================
15:42:30.0377 3192 Scan finished
15:42:30.0377 3192 ============================================================
15:42:30.0408 1524 Detected object count: 0
15:42:30.0408 1524 Actual detected object count: 0
15:43:20.0205 1556 Deinitialize success
|
04.03.2012, 16:12 | #19 |
/// Malwareteam | Trojan horse TR/Crypt.zpack.gen2 found. No internet!
CF-Script
Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Never run it on other machines; it can permanently damage other systems!
Delete the existing ComboFix.exe from your desktop and download the program again from one of the following mirrors: BleepingComputer.com - ForoSpyware.com and save it on the desktop again (not anywhere else, this is important)!
Press Windows + R --> type Notepad --> OK
Now copy the text from the following code box completely into the empty text document.
Code:
DirLook::
C:\qoobox\quarantine
Important:
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
04.03.2012, 18:54 | #20 |
| ComboFix logfile: Code:
ComboFix 12-03-04.01 - Acer 04.03.2012 18:27:10.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.41.1031.18.1014.373 [GMT 1:00]
ausgeführt von:: c:\users\Acer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Acer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-04 bis 2012-03-04 ))))))))))))))))))))))))))))))
.
.
2012-03-04 17:42 . 2012-03-04 17:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-04 17:42 . 2012-03-04 17:42 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-03-04 17:42 . 2012-03-04 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 07:33 . 2012-03-04 07:35 -------- d-----w- C:\FRST
2012-02-28 09:32 . 2012-02-28 09:32 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-28 00:22 . 2012-03-04 17:42 -------- d-----w- c:\users\Acer\AppData\Local\temp
2012-02-18 12:38 . 2012-02-18 12:38 -------- d-----w- c:\windows\Sun
2012-02-18 12:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-18 12:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-18 12:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-18 12:00 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-07 19:30 . 2009-08-11 20:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2012-02-07 19:30 . 2012-02-07 19:30 -------- d-----w- c:\program files\AC3Filter
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 19:12 . 2011-09-08 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-24 16:35 . 2012-01-24 16:35 212992 ----a-w- c:\windows\system32\aptw2s8pj.dll
2012-01-10 14:39 . 2011-08-27 14:12 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-10 14:24 . 2011-12-30 10:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 15:39 . 2011-12-07 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\qoobox\quarantine ----
.
2012-02-28 22:21 . 2012-03-04 17:27 0 ----a-w- c:\qoobox\quarantine\catchme.txt
2012-02-28 00:19 . 2012-02-28 00:19 92 ----a-w- c:\qoobox\quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-02-28 00:12 . 2012-03-04 17:37 10680 ----a-w- c:\qoobox\quarantine\Registry_backups\tcpip.reg
2012-01-06 19:20 . 2012-01-06 19:20 2052 ----a-w- c:\qoobox\quarantine\Registry_backups\AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B}.reg.dat
2012-01-06 19:18 . 2012-02-28 00:19 118 ----a-w- c:\qoobox\quarantine\Registry_backups\URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e}.reg.dat
2012-01-06 19:00 . 2012-03-04 17:27 410 ----a-w- c:\qoobox\quarantine\catchme.log
2011-09-25 15:17 . 2011-09-25 15:17 97614 ----a-w- c:\qoobox\quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat.vir
2011-09-25 15:17 . 2011-07-22 23:53 471040 ----a-w- c:\qoobox\quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir
2011-09-25 15:17 . 2009-11-19 06:12 4846 ----a-w- c:\qoobox\quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico.vir
2011-09-25 15:17 . 2011-07-22 23:55 847872 ----a-w- c:\qoobox\quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll.vir
2011-09-25 15:17 . 2011-03-11 03:29 227984 ----a-w- c:\qoobox\quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe.vir
2009-09-16 18:58 . 2009-09-16 18:58 22 ----a-w- c:\qoobox\quarantine\C\Windows\System32\1.cmd.vir
2009-08-14 08:46 . 2009-02-10 19:23 192484 ----a-w- c:\qoobox\quarantine\C\Program Files\Common Files\Acer GameZone online.ico.vir
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Freeware.de\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7E111A5C-3D11-4F56-9463-5310C3C69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-05-24 2033488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-02 1130504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-29 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-14 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FILSHtray]
2012-01-10 12:08 596992 ----a-w- c:\program files\FILSHtray\FILSHtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=07b511093115l03e4ww85w47323005
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(984)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Zeit der Fertigstellung: 2012-03-04 18:47:20
ComboFix-quarantined-files.txt 2012-03-04 17:47
ComboFix2.txt 2012-03-01 15:31
ComboFix3.txt 2012-02-28 22:43
ComboFix4.txt 2012-02-28 00:22
ComboFix5.txt 2012-03-04 17:22
.
Vor Suchlauf: 18 Verzeichnis(se), 70'772'531'200 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 71'257'128'960 Bytes frei
.
- - End Of File - - 09627C2F0ECCD9AD2F6C52299EEC7E29
|
05.03.2012, 07:13 | #21 |
/// Malwareteam | Search with FRST
Connect the USB stick that contains FRST to the infected system. You now have to boot the system into the System Repair option. Via the Boot Manager
Click on search - the tool creates a search.txt on your stick. Please post its contents here.
05.03.2012, 18:20 | #22 |
| Here is search.txt. Code:
Farbar Recovery Scan Tool Version: 01-03-2012
Ran by SYSTEM at 2012-03-05 18:10:14
Running from F:\

================== Search: "6340a.dll" ===================

=== End Of Search ===
|
05.03.2012, 18:27 | #23 |
/// Malwareteam | Very strange! Please create another GMER log for me; I still have to make some inquiries. The file is found ONLY by GMER and consequently cannot be killed either. Please be a little patient!
GMER Please
05.03.2012, 19:19 | #24 |
| Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-05 19:15:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: 8kn8rjxd.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kwldrpob.sys

---- System - GMER 1.0.15 ----

SSDT 806B2076 ZwCreateSection
SSDT 806B207B ZwSetContextThread
SSDT 806B2017 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 8204F9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8206F4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8207687C 4 Bytes [76, 20, 6B, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82076C1C 4 Bytes [7B, 20, 6B, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82076CF4 4 Bytes [17, 20, 6B, 80] {POP SS; AND [EBX-0x80], CH}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtClose 770C54C8 5 Bytes JMP 01101B91
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtCreateSection 770C56E8 5 Bytes JMP 011008F8
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtMapViewOfSection 770C5C28 5 Bytes JMP 01100BD4
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtOpenFile 770C5CD8 5 Bytes JMP 011018B4
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtOpenSection 770C5DC8 5 Bytes JMP 01100683
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtQueryAttributesFile 770C5F38 5 Bytes JMP 011015E1
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtQuerySection 770C6188 5 Bytes JMP 0110116D
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtQueryVirtualMemory 770C6258 5 Bytes JMP 01101D66
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtUnmapViewOfSection 770C69B8 5 Bytes JMP 01100F2E

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\Windows\system32\6340a.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [984] 0x03CD0000

---- EOF - GMER 1.0.15 ----
|
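Added example (not from the thread, from GMER or from any poster): a Python triage helper that reads the two GMER sections the helper is relying on above, the inline JMP hooks under "User code sections" and the "(*** hidden *** )" library under "Processes", and groups both by PID so a reviewer sees which process carries hooks and an invisible module at the same time. The sample report is constructed from lines of the log above plus one made-up explorer.exe entry for contrast; the line layout is assumed from this log, not taken from a GMER specification.

```python
"""Triage helper for GMER 1.0.15 text reports (added example for this thread).

GMER lists user-mode inline hooks per process and modules it found in a
process that the normal loader lists do not show. Seeing both in the same
PID is the pattern the helper above is reacting to: a DLL only a rootkit
scanner can see, next to hooks on the file/section/memory-query APIs other
tools would use to open or inspect it.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log posted in this thread,
# plus one made-up explorer.exe[1200] line (NOT from the log) for contrast.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 806B2076 ZwCreateSection
SSDT 806B207B ZwSetContextThread
SSDT 806B2017 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtClose 770C54C8 5 Bytes JMP 01101B91
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtCreateSection 770C56E8 5 Bytes JMP 011008F8
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtMapViewOfSection 770C5C28 5 Bytes JMP 01100BD4
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtQueryVirtualMemory 770C6258 5 Bytes JMP 01101D66
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtClose 770C54C8 5 Bytes JMP 02201B91

---- Processes - GMER 1.0.15 ----

Library C:\Windows\system32\6340a.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [984] 0x03CD0000

---- EOF - GMER 1.0.15 ----
"""

# Line shapes as they appear in the report above (assumed from this log).
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]{8})"
)
HIDDEN_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<image>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)"
)


def parse_gmer(text):
    """Return (ssdt_hooks, inline_hooks, hidden_libs) parsed from a GMER report.

    Kernel ".text ntoskrnl.exe!..." lines carry no [pid] and are skipped here.
    """
    ssdt, hooks, hidden = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt.append({"addr": int(m["addr"], 16), "func": m["func"]})
        elif m := HOOK_RE.match(line):
            hooks.append({"image": m["image"], "pid": int(m["pid"]),
                          "target": m["target"], "addr": int(m["addr"], 16),
                          "size": int(m["size"]), "dest": int(m["dest"], 16)})
        elif m := HIDDEN_RE.match(line):
            hidden.append({"path": m["path"], "image": m["image"],
                           "pid": int(m["pid"]), "base": int(m["base"], 16)})
    return ssdt, hooks, hidden


def triage(text):
    """Group hooks and hidden modules by PID and rate each process.

    high   : hidden module AND inline hooks in the same process
    medium : only one of the two
    """
    ssdt, hooks, hidden = parse_gmer(text)
    by_pid = defaultdict(lambda: {"image": None, "hooks": [], "hidden": []})
    for h in hooks:
        by_pid[h["pid"]]["image"] = h["image"]
        by_pid[h["pid"]]["hooks"].append(h["target"])
    for lib in hidden:
        by_pid[lib["pid"]]["image"] = lib["image"]
        by_pid[lib["pid"]]["hidden"].append(lib["path"])
    processes = []
    for pid, info in sorted(by_pid.items()):
        both = bool(info["hooks"]) and bool(info["hidden"])
        processes.append({"pid": pid, "image": info["image"],
                          "hooked_functions": sorted(set(info["hooks"])),
                          "hidden_modules": info["hidden"],
                          "severity": "high" if both else "medium"})
    return {"ssdt_hooks": [s["func"] for s in ssdt], "processes": processes}


if __name__ == "__main__":
    report = triage(SAMPLE_GMER_LOG)
    print("SSDT hooks:", ", ".join(report["ssdt_hooks"]))
    for p in report["processes"]:
        print(f"[{p['severity']}] pid {p['pid']} {p['image']}")
        for fn in p["hooked_functions"]:
            print("   hook   ", fn)
        for mod in p["hidden_modules"]:
            print("   hidden ", mod)
```

On the sample, svchost.exe[984] is rated high (four ntdll hooks plus the hidden 6340a.dll), while the constructed explorer.exe[1200] entry stays medium because it has a hook but no hidden module.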
05.03.2012, 22:54 | #25 |
/// Malwareteam | Now I ask you to be patient for a few hours.
06.03.2012, 01:09 | #26 |
| OK. I hope there is a solution. Thanks for now. |
06.03.2012, 11:14 | #27
/// Malwareteam
RKU
Please download RKUnhookerLE and save the file to your desktop.
Quote:
06.03.2012, 16:44 | #28
The file is too long. I'll try to send it as an attachment in 3 parts. Hope it works. Had to make 4 parts.
07.03.2012, 07:14 | #29
/// Malwareteam
Hello snowly1, after consulting with the experts, we'll now do the following!
CF-Script
Note for other readers: The following ComboFix script has been created exclusively for this user in this situation. Do not use it on other computers under any circumstances; it can permanently damage other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it again on the desktop (not anywhere else, that is important)!
Press the Windows + R key --> Notepad (type it in) --> OK
Now copy the text from the following code box completely into the empty text document.
Code:
c:\windows\system32\aptw2s8pj.dll
Important:
07.03.2012, 14:16 | #30
Here is the CF: Afterwards I couldn't get on the Internet anymore, some error message about a deleted file. After I restarted the PC, it worked again.
Code:
Combofix Logfile: