Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.06.2012, 23:09   #1
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Unglücklich

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Hallo,

ich bitte um eure Hilfe. Heute mittag meldetet sich plötzlich ein Programm namens "Live Security Platinum" auf dem PC meiner Freundin. Nach chaotischer Googlesuche (ich habe leider sehr wenig PC-Kompetenz) bin ich auf dieses Forum gestoßen. Ich hab dann Malwarebytes AntiMalware runtergeladen (bzw. aktualisiert, da es schon auf dem Rechner war. Hab mehrmals den vollständigen Scan durchlaufen lassen, es meldet danach zwar immer, dass die Dateien erfolgreich gelöscht wurden, aber nach dem Neustart tauchen sie beim nächsten Scan wieder auf

Avira Antivir ist auch auf dem Rechner, habe da auch schon mehrmals auf "Entfernen" geklickt - ohne Erfolg...

Der Report von Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 21:16:14
mbam-log-2012-06-08 (21-16-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341960
Laufzeit: 1 Stunde(n), 11 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich hoffe, ich habe das jetzt richtig gemacht mit dem Thema erstellen und mich an die Forumregeln gehalten und hoffe auf eine Antwort...

Magnetiseur

Nachtrag: Ich habs noch so einen OTL-Scan gemacht - hier der Report:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/8/2012 11:20:02 PM - Run 2
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\Sarah\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 46.01% Memory free
5.86 Gb Paging File | 4.14 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 87.26 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\ScanWizard 5\SFRes.dll ()
MOD - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
MOD - C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (agec7qc3) --  File not found
DRV - (lech) -- C:\Windows\System32\drivers\pfij.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 21:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012/05/02 22:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2012/05/06 15:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 23:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 16:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/28 14:52:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/06 15:49:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 23:22:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 20:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 20:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 20:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 20:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 20:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 20:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/08 21:14:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/08 19:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 12:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\madagaskar
[2012/06/08 12:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/08 12:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\madagaskar
[2012/06/08 12:34:18 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
[2012/06/03 15:34:59 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/08 23:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/08 23:00:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 22:36:52 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\pfij.sys
[2012/06/08 21:32:41 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 21:32:41 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 21:14:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/08 21:14:08 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 21:13:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/08 21:13:49 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 12:37:43 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/03 15:34:59 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/06/03 15:34:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/05/10 13:10:34 | 000,438,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/06/08 22:39:51 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@
[2012/06/08 22:39:51 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@
[2012/06/08 22:39:50 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/06/08 22:36:52 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\pfij.sys
[2012/06/08 12:37:43 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/03 15:34:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2011/02/11 14:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 14:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 14:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 14:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 14:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 14:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 20:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/05/03 10:22:20 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >
         
--- --- ---

Geändert von Magnetiseur (08.06.2012 um 23:36 Uhr)

Alt 10.06.2012, 19:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 10.06.2012, 20:12   #3
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Älteres Log von malwarebytes und OTL



Hallo Arne,

ok - ich habe noch jeweils ein älteres Log von Malwarebytes und OTL gefunden...
Vielen Dank schonmal für die Hilfe!

Viele Grüße
Magnetiseur

P.S Ein Freund meinte, von McAfee gäbe es ein Tool (missile oder rocket?), das mir vielleicht helfen könnte. Nach den Ratschlägen, die ich hier gelesen habe, möchte ich das aber nicht einfach ausprobieren. Hast du [ist duzen ok im Forum, oder?] Erfahrungen damit bzw. Empfehlungen dazu?

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

19.03.2012 22:32:35
mbam-log-2012-03-19 (22-32-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349059
Laufzeit: 1 Stunde(n), 16 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/19/2012 8:16:06 PM - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Sarah\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.34% Memory free
5.86 Gb Paging File | 4.29 Gb Available in Paging File | 73.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 87.55 Gb Free Space | 61.87% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/19 20:15:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012/03/19 19:38:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/01/05 12:44:20 | 001,053,992 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
PRC - [2010/01/05 12:43:46 | 011,154,728 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
PRC - [2010/01/05 12:43:34 | 005,981,480 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
PRC - [2010/01/05 12:43:26 | 001,811,752 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
PRC - [2010/01/05 12:43:24 | 003,372,328 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/26 15:25:24 | 000,356,352 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/01/16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/03/19 19:38:48 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/02 23:23:25 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/12/15 18:57:38 | 000,425,984 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll
MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/22 17:22:20 | 000,249,856 | ---- | M] () -- C:\Program Files\ScanWizard 5\SFRes.dll
MOD - [2009/06/26 15:25:24 | 000,356,352 | ---- | M] () -- C:\Program Files\ScanWizard 5\ScannerFinder.exe
MOD - [2009/02/27 16:42:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\weblink.DEU
MOD - [2009/02/27 16:42:26 | 000,005,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
MOD - [2009/02/27 16:41:54 | 001,060,864 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.DEU
MOD - [2009/02/27 16:41:50 | 000,008,192 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\reflow.DEU
MOD - [2009/02/27 16:41:26 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PDDom.DEU
MOD - [2009/02/27 16:41:06 | 000,090,112 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.DEU
MOD - [2009/02/27 16:40:40 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
MOD - [2009/02/27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009/02/27 16:40:10 | 000,274,432 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009/02/27 16:39:46 | 000,999,424 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.DEU
MOD - [2009/02/27 16:39:22 | 000,081,920 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.DEU
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/02/27 07:09:18 | 001,536,000 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll
MOD - [2008/02/19 11:37:32 | 000,561,152 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll
MOD - [2008/02/19 11:36:06 | 006,230,016 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/10/19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a6g2p5io)
DRV - [2012/02/15 13:25:09 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/19 09:44:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/12/15 19:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009/12/15 19:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2009/12/15 19:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/10/28 16:35:14 | 000,583,128 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/10/26 14:53:46 | 000,250,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 19:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 20:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 14:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2011/05/23 11:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/22 23:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2011/11/16 12:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 22:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 15:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/19 19:38:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 19:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 19:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 19:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 19:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 19:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 19:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/18 18:24:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Dine
[2012/03/15 16:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012/03/15 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terzio
[2012/03/15 16:01:23 | 000,000,000 | ---D | C] -- C:\Terzio
[2012/03/06 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/19 19:55:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 17:05:45 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 17:05:45 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 16:55:37 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 16:55:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/19 16:55:14 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 13:11:46 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/03/18 13:11:46 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/18 13:11:46 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/03/18 13:11:46 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/15 20:57:28 | 000,014,585 | ---- | M] () -- C:\Users\Sarah\Desktop\Kündigung BvB.odt
[2012/03/15 16:02:16 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000079D.LCS
[2012/03/15 16:01:51 | 000,001,627 | ---- | M] () -- C:\Users\Sarah\Desktop\Ritter Rost - Die Eiserne Burg.lnk
[2012/03/15 02:14:07 | 000,438,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/08 23:46:18 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/03/06 21:46:13 | 000,001,014 | ---- | M] () -- C:\Users\Sarah\Desktop\Cake Poker 2.0.lnk
 
========== Files Created - No Company Name ==========
 
[2012/03/15 20:57:27 | 000,014,585 | ---- | C] () -- C:\Users\Sarah\Desktop\Kündigung BvB.odt
[2012/03/15 16:02:04 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\0000079D.LCS
[2012/03/15 16:01:51 | 000,001,627 | ---- | C] () -- C:\Users\Sarah\Desktop\Ritter Rost - Die Eiserne Burg.lnk
[2012/03/08 23:46:18 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/02/11 13:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 13:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 13:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 13:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 13:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 13:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 19:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/05/03 22:04:02 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2010/04/19 10:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 12:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/01/11 19:19:29 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >
         
--- --- ---

Oh ich hab am 8.6. noch mehr Logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

08.06.2012 12:38:32
mbam-log-2012-06-08 (12-38-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339201
Laufzeit: 37 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D55F3B00017A63000BC0D3B4EB23C1 (Trojan.LameShield) -> Daten: C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bösartig: (C:\Users\Sarah\AppData\Local\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n.) Gut: (%SystemRoot%\system32\shdocvw.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3EPAKUI\soft3[1].exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9AAI38Y\soft4[1].exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\AppData\Local\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 13:29:02
mbam-log-2012-06-08 (13-29-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342063
Laufzeit: 1 Stunde(n), 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

08.06.2012 19:21:49
mbam-log-2012-06-08 (19-21-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342126
Laufzeit: 1 Stunde(n), 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________

Geändert von Magnetiseur (10.06.2012 um 20:18 Uhr)

Alt 10.06.2012, 21:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Poste nun den Inhalt der log.txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2012, 00:40   #5
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Eset Log



Hallo Arne,

ok, hier das Log von Eset und danke...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62e5d98496e7b24aa192337d0006b9b8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 08:20:15
# local_time=2012-06-10 10:20:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17819599 17819599 0 0
# compatibility_mode=5893 16776574 66 94 209326 90989337 0 0
# compatibility_mode=8192 67108863 100 0 280 280 0 0
# scanned=15724
# found=0
# cleaned=0
# scan_time=1470
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62e5d98496e7b24aa192337d0006b9b8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 09:55:14
# local_time=2012-06-10 11:55:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17821347 17821347 0 0
# compatibility_mode=5893 16776574 66 94 211074 90991085 0 0
# compatibility_mode=8192 67108863 100 0 2028 2028 0 0
# scanned=148450
# found=2
# cleaned=0
# scan_time=5419
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I

Hallo Arne,

noch ein kleiner Nachtrag, der zumindest mir wichtig vorkommt. Habe auch noch festgestellt, dass Windows Defender angehalten wurde und ich nicht darauf zugreifen kann. Ebensowenig auf Windows Firewall (derselbe Fehlercode: 0x80070424), aber die läuft noch irgendwie bzw. fragt bei Sachen nach, ob sie aufs Internet zugreifen dürfen... Avira Antivir scheint zu funktionieren...

Viele Grüße
Magnetiseur


Alt 11.06.2012, 12:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da

Alt 11.06.2012, 20:46   #7
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

OTL Log



Ok, hier das Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/11/2012 8:28:11 PM - Run 3
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\Sarah\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 68.39% Memory free
5.86 Gb Paging File | 4.65 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 86.49 Gb Free Space | 61.13% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 133.38 Gb Free Space | 94.27% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
MOD - C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\ScanWizard 5\SFRes.dll ()
MOD - C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\madagaskar\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (amqfou7s) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE353
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 13:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 21:24:59 | 000,000,000 | ---D | M]
 
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012/05/02 22:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\x6grzyfh.default\extensions
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
[2012/05/06 15:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/09/15 23:59:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/19 16:40:21 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/03/28 14:52:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6GRZYFH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/09 13:32:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 23:22:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/15 20:36:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/15 20:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 20:36:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/15 20:36:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/15 20:36:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/15 20:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\madagaskar\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEEF2AB-EDE4-4BD2-A76D-15A1B293ADDA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/10 21:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/08 19:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 12:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\madagaskar
[2012/06/08 12:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/08 12:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\madagaskar
[2012/06/08 12:34:18 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/11 20:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 20:19:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 20:19:44 | 000,014,832 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 20:13:03 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 20:12:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/11 20:12:17 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 02:00:01 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 12:37:43 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2012/06/11 20:25:44 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\00000001.@
[2012/06/09 13:38:06 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\800000cb.@
[2012/06/08 23:47:46 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U\80000000.@
[2012/06/08 12:37:43 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/03 15:34:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/01/11 20:28:40 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
[2011/02/11 14:44:11 | 000,293,712 | ---- | C] () -- C:\windows\System32\Tbsql03.dll
[2011/02/11 14:44:11 | 000,246,368 | ---- | C] () -- C:\windows\System32\Tbqry03.dll
[2011/02/11 14:44:11 | 000,145,696 | ---- | C] () -- C:\windows\System32\Tblib.dll
[2011/02/11 14:44:11 | 000,090,688 | ---- | C] () -- C:\windows\System32\Tbutl03.dll
[2011/02/11 14:44:11 | 000,014,512 | ---- | C] () -- C:\windows\System32\Tbgui03.dll
[2011/02/11 14:44:11 | 000,005,488 | ---- | C] () -- C:\windows\System32\Tbmds03.dll
[2010/10/27 20:36:47 | 000,090,112 | ---- | C] () -- C:\windows\System32\nccad432.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2012/05/03 10:22:20 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/11/15 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Adobe
[2011/11/17 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Avira
[2012/03/26 20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe Limited
[2010/01/07 11:06:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Corel
[2010/04/19 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2011/12/04 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FolderSync
[2009/11/15 03:30:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Google
[2009/11/13 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Identities
[2010/10/27 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kosy
[2009/11/15 03:32:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Macromedia
[2012/03/19 23:31:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2009/09/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs
[2012/03/15 17:01:49 | 000,000,000 | --SD | M] -- C:\Users\Sarah\AppData\Roaming\Microsoft
[2009/11/14 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2009/11/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/12/04 13:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OTi
[2011/12/04 13:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OutlookSync
[2012/06/06 00:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Skype
[2011/09/13 00:08:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\skypePM
[2010/06/19 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies
[2010/06/19 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SMART Technologies Inc
[2011/10/20 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012/03/15 17:01:49 | 000,021,630 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{9997E665-A18A-11DC-AA67-00E07DDCAF19}\AppName_9997E665A18A11DCAA6700E07DDCAF19.exe
[2012/03/15 17:01:49 | 000,021,630 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{9997E665-A18A-11DC-AA67-00E07DDCAF19}\ARPPRODUCTICON.exe
[2009/05/27 06:08:46 | 000,303,104 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\FileSync.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\GoTip.exe
[2009/05/13 05:50:57 | 000,133,632 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\OutlookSyncM.exe
[2009/05/26 08:38:58 | 000,851,968 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Bridge.exe
[2009/05/27 12:06:48 | 000,290,816 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Net.exe
[2009/05/25 13:01:08 | 000,086,016 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoNetDispatch.exe
[2009/02/16 04:26:48 | 000,326,144 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoTip.exe
[2009/05/20 04:58:22 | 000,298,496 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\LinkEngine.exe
[2009/05/18 11:50:58 | 000,032,256 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\ntrights.exe
[2009/02/16 04:26:48 | 000,018,944 | R--- | M] (Ours Technology Inc.) -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\StopLE.exe
[2009/05/26 07:37:22 | 000,836,608 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\OTi\GoExpress\MainExe\GSLoader.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\madagaskar\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/19 10:44:41 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID

< End of report >
         
--- --- ---

[/code]

Danke
Magnetiseur

Alt 11.06.2012, 22:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
DRV - (amqfou7s) --  File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=3F90046A-94C7-4F50-BB58-39C953D61641&apn_sauid=4E6FD525-F3A4-44C5-B053-F0075E8A4470
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://ecosia.de/"
[2011/05/23 00:55:46 | 000,002,396 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1006\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\Shell\AutoRun\command - "" = H:\GSLoader.exe
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell - "" = AutoRun
O33 - MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/06/08 11:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
:Files
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U
C:\Program Files\Winload
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.06.2012, 08:00   #9
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Ok, hab es so gemacht, herzlichen Dank für die Erstellung des Skripts!

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named amqfou7s was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amqfou7s deleted successfully.
File   File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files\Winload\tbWinl.dll moved successfully.
HKU\S-1-5-21-1131658597-4005637612-88016806-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
HKU\S-1-5-21-1131658597-4005637612-88016806-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://ecosia.de/" removed from browser.startup.homepage
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9111432d-1e3c-11e1-9063-00245414c382}\ not found.
File H:\GSLoader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91135f73-0505-11e0-a71b-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e23c-0492-11e0-8054-00245414c382}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a2e27c-0492-11e0-8054-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2498641-06e3-11e0-abb4-00245414c382}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\ProgramData\F4D55F3B00017A63000BC0D3B4EB23C1\ not found.
ADS C:\Program Files\Cake Poker 2.0:MID deleted successfully.
========== FILES ==========
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\@ moved successfully.
C:\windows\Installer\{23ceaf3e-03eb-15df-900f-dffb4f8e63b1}\U folder moved successfully.
C:\Program Files\Winload folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 623280781 bytes
->Temporary Internet Files folder emptied: 709230681 bytes
->Java cache emptied: 9337454 bytes
->FireFox cache emptied: 100609457 bytes
->Flash cache emptied: 102856 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18155160 bytes
RecycleBin emptied: 3057363527 bytes
 
Total Files Cleaned = 4,309.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Sarah
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.47.0 log created on 06122012_075340

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Gruß,
Magnetiseur

Hallo,

ich habe noch eine andere Frage. Ein USB-Stick ist ziemlich sicher auch infiziert (ist seit einigen Tagen nicht mehr lesbar) und bei zwei anderen ist das auch möglich. Habe versucht, hier im Forum Tipps zu finden, wie ich da vorgehe, bin aber nach wie vor unsicher: Kann/darf ich die jetzt in diesen PC stecken und kann ich sie dann mit Antivir (geht das damit?) überprüfen (oder gibts bessere Programme?). Und kann/darf ich den nicht mehr lesbaren an diesem Rechner gefahrlos formatieren? Wenns dafür schon das genau passende Thema hier im Forum gibt, hab ich es nicht gefunden und wäre sehr dankbar für den Link.

Und natürlich - wie gehts jetzt mit dem Rechner weiter?

Vielen Dank und viele Grüße,
Magnetiseur

Alt 12.06.2012, 14:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Automatische Wiedergabe deaktivieren

Windows XP: Zur Vereinfachung hab ich mal die noautoplay.reg hochgeladen. Lad das auf dem Desktop herunter, führ die Datei aus und bestätige mit ja. Nach einem Neustart des Rechners ist die automatische Wiedergabe (von Datenträgern) auf allen Laufwerken deaktiviert, d.h. keine CD, kein Stick oder sonstwas startet nach dem Einstecken mehr automatisch.

Windows Vista/7: In der Systemsteuerung unter automatische Wiedergabe von CDs und anderen Medien alles deaktivieren. => siehe auch Einstellungen für automatische Wiedergabe ändern


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.06.2012, 08:50   #11
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Ok, hier das LOG von TDSS - davor nochmal eine Frage zu den USB-Sticks. Hab die autom. Wiedergabe deaktiviert, kann ich sie nun mit einem von den Tools checken? (ich möcht nicht nerven, aber meine Freundin muss relativ dringend einen der Sticks benutzen und ich habe Angst vor weiteren Infizierungen...)

Vielen Dank für die Hilfe,
Magnetiseur

Code:
ATTFilter
08:44:14.0541 5208	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:44:14.0791 5208	============================================================
08:44:14.0791 5208	Current date / time: 2012/06/13 08:44:14.0791
08:44:14.0791 5208	SystemInfo:
08:44:14.0791 5208	
08:44:14.0791 5208	OS Version: 6.1.7601 ServicePack: 1.0
08:44:14.0791 5208	Product type: Workstation
08:44:14.0791 5208	ComputerName: SARAH-PC
08:44:14.0791 5208	UserName: Sarah
08:44:14.0791 5208	Windows directory: C:\windows
08:44:14.0791 5208	System windows directory: C:\windows
08:44:14.0791 5208	Processor architecture: Intel x86
08:44:14.0791 5208	Number of processors: 2
08:44:14.0791 5208	Page size: 0x1000
08:44:14.0791 5208	Boot type: Normal boot
08:44:14.0791 5208	============================================================
08:44:15.0259 5208	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:44:15.0274 5208	============================================================
08:44:15.0274 5208	\Device\Harddisk0\DR0:
08:44:15.0274 5208	MBR partitions:
08:44:15.0274 5208	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
08:44:15.0274 5208	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x11AFD000
08:44:15.0274 5208	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1392F800, BlocksNum 0x11AFE800
08:44:15.0274 5208	============================================================
08:44:15.0305 5208	C: <-> \Device\Harddisk0\DR0\Partition1
08:44:15.0337 5208	D: <-> \Device\Harddisk0\DR0\Partition2
08:44:15.0337 5208	============================================================
08:44:15.0337 5208	Initialize success
08:44:15.0337 5208	============================================================
08:44:46.0552 5952	============================================================
08:44:46.0552 5952	Scan started
08:44:46.0552 5952	Mode: Manual; SigCheck; TDLFS; 
08:44:46.0552 5952	============================================================
08:44:47.0629 5952	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:44:47.0785 5952	1394ohci - ok
08:44:47.0894 5952	acedrv10        (0059ff74927a27395c5e190f9aa392df) C:\windows\system32\drivers\acedrv10.sys
08:44:47.0972 5952	acedrv10 - ok
08:44:48.0019 5952	acehlp10        (6625a32ad17a3fa6c7f405aeac945aa7) C:\windows\system32\drivers\acehlp10.sys
08:44:48.0034 5952	acehlp10 - ok
08:44:48.0097 5952	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:44:48.0128 5952	ACPI - ok
08:44:48.0175 5952	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:44:48.0253 5952	AcpiPmi - ok
08:44:48.0378 5952	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:44:48.0409 5952	AdobeFlashPlayerUpdateSvc - ok
08:44:48.0487 5952	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:44:48.0518 5952	adp94xx - ok
08:44:48.0549 5952	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:44:48.0580 5952	adpahci - ok
08:44:48.0596 5952	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:44:48.0627 5952	adpu320 - ok
08:44:48.0658 5952	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:44:48.0736 5952	AeLookupSvc - ok
08:44:48.0799 5952	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:44:48.0877 5952	AFD - ok
08:44:48.0924 5952	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:44:48.0955 5952	agp440 - ok
08:44:49.0002 5952	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:44:49.0017 5952	aic78xx - ok
08:44:49.0033 5952	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:44:49.0080 5952	ALG - ok
08:44:49.0095 5952	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
08:44:49.0111 5952	aliide - ok
08:44:49.0158 5952	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
08:44:49.0173 5952	amdagp - ok
08:44:49.0204 5952	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
08:44:49.0220 5952	amdide - ok
08:44:49.0236 5952	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
08:44:49.0282 5952	AmdK8 - ok
08:44:49.0298 5952	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
08:44:49.0314 5952	AmdPPM - ok
08:44:49.0360 5952	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
08:44:49.0376 5952	amdsata - ok
08:44:49.0407 5952	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
08:44:49.0423 5952	amdsbs - ok
08:44:49.0454 5952	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
08:44:49.0454 5952	amdxata - ok
08:44:49.0594 5952	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:44:49.0626 5952	AntiVirSchedulerService - ok
08:44:49.0688 5952	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:44:49.0704 5952	AntiVirService - ok
08:44:49.0750 5952	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
08:44:49.0906 5952	AppID - ok
08:44:49.0969 5952	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
08:44:50.0016 5952	AppIDSvc - ok
08:44:50.0047 5952	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
08:44:50.0094 5952	Appinfo - ok
08:44:50.0156 5952	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
08:44:50.0172 5952	arc - ok
08:44:50.0218 5952	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
08:44:50.0234 5952	arcsas - ok
08:44:50.0281 5952	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
08:44:50.0406 5952	AsyncMac - ok
08:44:50.0468 5952	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
08:44:50.0499 5952	atapi - ok
08:44:50.0608 5952	athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
08:44:50.0718 5952	athr - ok
08:44:50.0796 5952	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:44:50.0874 5952	AudioEndpointBuilder - ok
08:44:50.0874 5952	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:44:50.0920 5952	Audiosrv - ok
08:44:50.0998 5952	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
08:44:51.0014 5952	avgntflt - ok
08:44:51.0061 5952	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
08:44:51.0092 5952	avipbb - ok
08:44:51.0123 5952	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
08:44:51.0139 5952	avkmgr - ok
08:44:51.0186 5952	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
08:44:51.0248 5952	AxInstSV - ok
08:44:51.0326 5952	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
08:44:51.0404 5952	b06bdrv - ok
08:44:51.0466 5952	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
08:44:51.0529 5952	b57nd60x - ok
08:44:51.0654 5952	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
08:44:51.0685 5952	BcmSqlStartupSvc - ok
08:44:51.0747 5952	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
08:44:51.0794 5952	BDESVC - ok
08:44:51.0856 5952	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
08:44:51.0919 5952	Beep - ok
08:44:51.0981 5952	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
08:44:52.0044 5952	BITS - ok
08:44:52.0059 5952	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
08:44:52.0106 5952	blbdrive - ok
08:44:52.0168 5952	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
08:44:52.0200 5952	bowser - ok
08:44:52.0246 5952	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:44:52.0324 5952	BrFiltLo - ok
08:44:52.0356 5952	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:44:52.0371 5952	BrFiltUp - ok
08:44:52.0434 5952	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
08:44:52.0480 5952	Browser - ok
08:44:52.0527 5952	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
08:44:52.0605 5952	Brserid - ok
08:44:52.0621 5952	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
08:44:52.0652 5952	BrSerWdm - ok
08:44:52.0668 5952	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
08:44:52.0683 5952	BrUsbMdm - ok
08:44:52.0699 5952	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
08:44:52.0761 5952	BrUsbSer - ok
08:44:52.0792 5952	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
08:44:52.0870 5952	BTHMODEM - ok
08:44:52.0933 5952	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
08:44:52.0964 5952	bthserv - ok
08:44:52.0980 5952	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
08:44:53.0026 5952	cdfs - ok
08:44:53.0089 5952	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
08:44:53.0104 5952	cdrom - ok
08:44:53.0182 5952	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:44:53.0260 5952	CertPropSvc - ok
08:44:53.0292 5952	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
08:44:53.0307 5952	circlass - ok
08:44:53.0370 5952	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
08:44:53.0401 5952	CLFS - ok
08:44:53.0479 5952	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:44:53.0494 5952	clr_optimization_v2.0.50727_32 - ok
08:44:53.0510 5952	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
08:44:53.0526 5952	CmBatt - ok
08:44:53.0572 5952	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
08:44:53.0588 5952	cmdide - ok
08:44:53.0650 5952	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
08:44:53.0697 5952	CNG - ok
08:44:53.0728 5952	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
08:44:53.0744 5952	Compbatt - ok
08:44:53.0791 5952	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
08:44:53.0838 5952	CompositeBus - ok
08:44:53.0853 5952	COMSysApp - ok
08:44:53.0869 5952	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
08:44:53.0884 5952	crcdisk - ok
08:44:53.0931 5952	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
08:44:53.0978 5952	CryptSvc - ok
08:44:54.0025 5952	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
08:44:54.0072 5952	CVirtA - ok
08:44:54.0274 5952	CVPND           (66257cb4e4fb69887cddc71663741435) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
08:44:54.0321 5952	CVPND - ok
08:44:54.0462 5952	CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
08:44:54.0508 5952	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
08:44:54.0508 5952	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
08:44:54.0571 5952	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:44:54.0602 5952	DcomLaunch - ok
08:44:54.0649 5952	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
08:44:54.0696 5952	defragsvc - ok
08:44:54.0742 5952	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
08:44:54.0789 5952	DfsC - ok
08:44:54.0852 5952	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
08:44:54.0914 5952	Dhcp - ok
08:44:54.0945 5952	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
08:44:54.0992 5952	discache - ok
08:44:55.0023 5952	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
08:44:55.0039 5952	Disk - ok
08:44:55.0101 5952	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
08:44:55.0117 5952	DNE - ok
08:44:55.0164 5952	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
08:44:55.0273 5952	Dnscache - ok
08:44:55.0351 5952	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
08:44:55.0413 5952	dot3svc - ok
08:44:55.0491 5952	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
08:44:55.0538 5952	DPS - ok
08:44:55.0569 5952	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
08:44:55.0585 5952	drmkaud - ok
08:44:55.0663 5952	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
08:44:55.0710 5952	DXGKrnl - ok
08:44:55.0741 5952	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
08:44:55.0788 5952	EapHost - ok
08:44:56.0037 5952	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
08:44:56.0084 5952	ebdrv - ok
08:44:56.0193 5952	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
08:44:56.0256 5952	EFS - ok
08:44:56.0349 5952	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
08:44:56.0412 5952	ehRecvr - ok
08:44:56.0443 5952	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
08:44:56.0474 5952	ehSched - ok
08:44:56.0568 5952	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
08:44:56.0614 5952	elxstor - ok
08:44:56.0646 5952	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
08:44:56.0661 5952	ErrDev - ok
08:44:56.0724 5952	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
08:44:56.0755 5952	EventSystem - ok
08:44:56.0802 5952	ewusbnet        (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\windows\system32\DRIVERS\ewusbnet.sys
08:44:56.0848 5952	ewusbnet - ok
08:44:56.0880 5952	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
08:44:56.0926 5952	exfat - ok
08:44:56.0958 5952	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
08:44:57.0004 5952	fastfat - ok
08:44:57.0082 5952	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
08:44:57.0129 5952	Fax - ok
08:44:57.0145 5952	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
08:44:57.0160 5952	fdc - ok
08:44:57.0192 5952	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
08:44:57.0238 5952	fdPHost - ok
08:44:57.0254 5952	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
08:44:57.0285 5952	FDResPub - ok
08:44:57.0301 5952	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
08:44:57.0316 5952	FileInfo - ok
08:44:57.0332 5952	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
08:44:57.0379 5952	Filetrace - ok
08:44:57.0379 5952	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
08:44:57.0410 5952	flpydisk - ok
08:44:57.0441 5952	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
08:44:57.0472 5952	FltMgr - ok
08:44:57.0550 5952	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll
08:44:57.0613 5952	FontCache - ok
08:44:57.0675 5952	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:44:57.0691 5952	FontCache3.0.0.0 - ok
08:44:57.0722 5952	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
08:44:57.0738 5952	FsDepends - ok
08:44:57.0784 5952	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
08:44:57.0784 5952	fssfltr - ok
08:44:57.0925 5952	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:44:57.0956 5952	fsssvc - ok
08:44:57.0987 5952	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
08:44:58.0003 5952	Fs_Rec - ok
08:44:58.0065 5952	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
08:44:58.0096 5952	fvevol - ok
08:44:58.0128 5952	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
08:44:58.0143 5952	gagp30kx - ok
08:44:58.0221 5952	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
08:44:58.0268 5952	gpsvc - ok
08:44:58.0362 5952	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
08:44:58.0377 5952	gupdate - ok
08:44:58.0393 5952	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
08:44:58.0408 5952	gupdatem - ok
08:44:58.0455 5952	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:44:58.0486 5952	gusvc - ok
08:44:58.0502 5952	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
08:44:58.0549 5952	hcw85cir - ok
08:44:58.0627 5952	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
08:44:58.0674 5952	HdAudAddService - ok
08:44:58.0705 5952	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
08:44:58.0736 5952	HDAudBus - ok
08:44:58.0752 5952	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
08:44:58.0767 5952	HidBatt - ok
08:44:58.0798 5952	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
08:44:58.0814 5952	HidBth - ok
08:44:58.0845 5952	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
08:44:58.0876 5952	HidIr - ok
08:44:58.0908 5952	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
08:44:58.0954 5952	hidserv - ok
08:44:59.0001 5952	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
08:44:59.0017 5952	HidUsb - ok
08:44:59.0048 5952	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
08:44:59.0095 5952	hkmsvc - ok
08:44:59.0126 5952	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
08:44:59.0142 5952	HomeGroupListener - ok
08:44:59.0188 5952	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
08:44:59.0220 5952	HomeGroupProvider - ok
08:44:59.0251 5952	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
08:44:59.0266 5952	HpSAMD - ok
08:44:59.0360 5952	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
08:44:59.0407 5952	HTTP - ok
08:44:59.0469 5952	hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
08:44:59.0500 5952	hwdatacard - ok
08:44:59.0547 5952	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
08:44:59.0563 5952	hwpolicy - ok
08:44:59.0594 5952	hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
08:44:59.0625 5952	hwusbdev - ok
08:44:59.0703 5952	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
08:44:59.0719 5952	i8042prt - ok
08:44:59.0781 5952	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
08:44:59.0797 5952	iaStor - ok
08:44:59.0875 5952	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
08:44:59.0922 5952	iaStorV - ok
08:45:00.0046 5952	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:45:00.0093 5952	idsvc - ok
08:45:00.0764 5952	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
08:45:01.0138 5952	igfx - ok
08:45:01.0263 5952	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
08:45:01.0279 5952	iirsp - ok
08:45:01.0372 5952	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
08:45:01.0419 5952	IKEEXT - ok
08:45:01.0700 5952	IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
08:45:01.0794 5952	IntcAzAudAddService - ok
08:45:01.0903 5952	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
08:45:01.0934 5952	intelide - ok
08:45:01.0981 5952	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
08:45:01.0996 5952	intelppm - ok
08:45:02.0028 5952	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
08:45:02.0059 5952	IPBusEnum - ok
08:45:02.0090 5952	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:45:02.0137 5952	IpFilterDriver - ok
08:45:02.0184 5952	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
08:45:02.0199 5952	IPMIDRV - ok
08:45:02.0230 5952	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
08:45:02.0262 5952	IPNAT - ok
08:45:02.0277 5952	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
08:45:02.0324 5952	IRENUM - ok
08:45:02.0340 5952	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
08:45:02.0355 5952	isapnp - ok
08:45:02.0402 5952	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
08:45:02.0433 5952	iScsiPrt - ok
08:45:02.0464 5952	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
08:45:02.0480 5952	kbdclass - ok
08:45:02.0511 5952	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
08:45:02.0527 5952	kbdhid - ok
08:45:02.0574 5952	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:02.0574 5952	KeyIso - ok
08:45:02.0620 5952	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
08:45:02.0636 5952	KSecDD - ok
08:45:02.0652 5952	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
08:45:02.0683 5952	KSecPkg - ok
08:45:02.0714 5952	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
08:45:02.0776 5952	KtmRm - ok
08:45:02.0808 5952	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
08:45:02.0839 5952	LanmanServer - ok
08:45:02.0870 5952	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
08:45:02.0917 5952	LanmanWorkstation - ok
08:45:02.0964 5952	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
08:45:03.0010 5952	lltdio - ok
08:45:03.0057 5952	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
08:45:03.0088 5952	lltdsvc - ok
08:45:03.0104 5952	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
08:45:03.0135 5952	lmhosts - ok
08:45:03.0166 5952	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
08:45:03.0182 5952	LSI_FC - ok
08:45:03.0198 5952	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
08:45:03.0213 5952	LSI_SAS - ok
08:45:03.0213 5952	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
08:45:03.0229 5952	LSI_SAS2 - ok
08:45:03.0260 5952	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
08:45:03.0291 5952	LSI_SCSI - ok
08:45:03.0322 5952	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
08:45:03.0369 5952	luafv - ok
08:45:03.0385 5952	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
08:45:03.0385 5952	MBAMProtector - ok
08:45:03.0494 5952	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\madagaskar\mbamservice.exe
08:45:03.0525 5952	MBAMService - ok
08:45:03.0572 5952	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
08:45:03.0588 5952	Mcx2Svc - ok
08:45:03.0603 5952	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
08:45:03.0619 5952	megasas - ok
08:45:03.0666 5952	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
08:45:03.0697 5952	MegaSR - ok
08:45:03.0712 5952	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:45:03.0744 5952	MMCSS - ok
08:45:03.0759 5952	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
08:45:03.0806 5952	Modem - ok
08:45:03.0822 5952	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
08:45:03.0853 5952	monitor - ok
08:45:03.0900 5952	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
08:45:03.0915 5952	mouclass - ok
08:45:03.0931 5952	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
08:45:03.0962 5952	mouhid - ok
08:45:03.0993 5952	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
08:45:04.0009 5952	mountmgr - ok
08:45:04.0071 5952	MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:45:04.0102 5952	MozillaMaintenance - ok
08:45:04.0149 5952	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
08:45:04.0149 5952	mpio - ok
08:45:04.0180 5952	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
08:45:04.0196 5952	mpsdrv - ok
08:45:04.0243 5952	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
08:45:04.0274 5952	MRxDAV - ok
08:45:04.0336 5952	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
08:45:04.0383 5952	mrxsmb - ok
08:45:04.0430 5952	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:45:04.0461 5952	mrxsmb10 - ok
08:45:04.0477 5952	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:45:04.0508 5952	mrxsmb20 - ok
08:45:04.0539 5952	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
08:45:04.0555 5952	msahci - ok
08:45:04.0602 5952	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
08:45:04.0617 5952	msdsm - ok
08:45:04.0648 5952	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
08:45:04.0695 5952	MSDTC - ok
08:45:04.0726 5952	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
08:45:04.0773 5952	Msfs - ok
08:45:04.0789 5952	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
08:45:04.0820 5952	mshidkmdf - ok
08:45:04.0851 5952	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
08:45:04.0867 5952	msisadrv - ok
08:45:04.0898 5952	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
08:45:04.0929 5952	MSiSCSI - ok
08:45:04.0945 5952	msiserver - ok
08:45:04.0976 5952	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
08:45:05.0007 5952	MSKSSRV - ok
08:45:05.0023 5952	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
08:45:05.0054 5952	MSPCLOCK - ok
08:45:05.0070 5952	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
08:45:05.0085 5952	MSPQM - ok
08:45:05.0116 5952	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
08:45:05.0148 5952	MsRPC - ok
08:45:05.0179 5952	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
08:45:05.0179 5952	mssmbios - ok
08:45:05.0257 5952	MSSQL$MSSMLBIZ - ok
08:45:05.0319 5952	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:45:05.0335 5952	MSSQLServerADHelper - ok
08:45:05.0335 5952	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
08:45:05.0366 5952	MSTEE - ok
08:45:05.0382 5952	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
08:45:05.0413 5952	MTConfig - ok
08:45:05.0428 5952	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
08:45:05.0444 5952	Mup - ok
08:45:05.0491 5952	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
08:45:05.0522 5952	napagent - ok
08:45:05.0569 5952	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
08:45:05.0616 5952	NativeWifiP - ok
08:45:05.0709 5952	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
08:45:05.0740 5952	NDIS - ok
08:45:05.0772 5952	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
08:45:05.0787 5952	NdisCap - ok
08:45:05.0818 5952	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
08:45:05.0865 5952	NdisTapi - ok
08:45:05.0896 5952	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
08:45:05.0928 5952	Ndisuio - ok
08:45:05.0974 5952	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
08:45:06.0006 5952	NdisWan - ok
08:45:06.0052 5952	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
08:45:06.0084 5952	NDProxy - ok
08:45:06.0130 5952	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
08:45:06.0162 5952	NetBIOS - ok
08:45:06.0193 5952	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
08:45:06.0224 5952	NetBT - ok
08:45:06.0271 5952	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:06.0286 5952	Netlogon - ok
08:45:06.0333 5952	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
08:45:06.0380 5952	Netman - ok
08:45:06.0411 5952	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
08:45:06.0442 5952	netprofm - ok
08:45:06.0536 5952	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:45:06.0567 5952	NetTcpPortSharing - ok
08:45:06.0598 5952	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
08:45:06.0614 5952	nfrd960 - ok
08:45:06.0692 5952	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
08:45:06.0723 5952	NlaSvc - ok
08:45:06.0754 5952	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
08:45:06.0801 5952	Npfs - ok
08:45:06.0817 5952	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
08:45:06.0864 5952	nsi - ok
08:45:06.0879 5952	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
08:45:06.0926 5952	nsiproxy - ok
08:45:07.0051 5952	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
08:45:07.0113 5952	Ntfs - ok
08:45:07.0144 5952	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
08:45:07.0160 5952	Null - ok
08:45:07.0222 5952	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
08:45:07.0254 5952	nvraid - ok
08:45:07.0300 5952	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
08:45:07.0332 5952	nvstor - ok
08:45:07.0363 5952	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
08:45:07.0378 5952	nv_agp - ok
08:45:07.0472 5952	OberonGameConsoleService (b5d5da8230d3d3525839d939a9196c3e) C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
08:45:07.0488 5952	OberonGameConsoleService - ok
08:45:07.0628 5952	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:45:07.0659 5952	odserv - ok
08:45:07.0690 5952	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
08:45:07.0706 5952	ohci1394 - ok
08:45:07.0753 5952	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:45:07.0768 5952	ose - ok
08:45:07.0815 5952	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:45:07.0862 5952	p2pimsvc - ok
08:45:07.0893 5952	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
08:45:07.0924 5952	p2psvc - ok
08:45:07.0940 5952	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
08:45:07.0956 5952	Parport - ok
08:45:07.0987 5952	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
08:45:08.0002 5952	partmgr - ok
08:45:08.0018 5952	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
08:45:08.0034 5952	Parvdm - ok
08:45:08.0065 5952	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
08:45:08.0080 5952	PcaSvc - ok
08:45:08.0143 5952	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
08:45:08.0143 5952	pci - ok
08:45:08.0158 5952	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
08:45:08.0174 5952	pciide - ok
08:45:08.0190 5952	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
08:45:08.0221 5952	pcmcia - ok
08:45:08.0236 5952	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
08:45:08.0252 5952	pcw - ok
08:45:08.0314 5952	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
08:45:08.0377 5952	PEAUTH - ok
08:45:08.0486 5952	pgsql-8.3       (4e87ef38a053f02e454935c8440ec91a) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
08:45:08.0517 5952	pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
08:45:08.0517 5952	pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
08:45:08.0658 5952	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
08:45:08.0751 5952	pla - ok
08:45:08.0876 5952	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
08:45:08.0923 5952	PlugPlay - ok
08:45:08.0938 5952	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
08:45:08.0954 5952	PNRPAutoReg - ok
08:45:08.0985 5952	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:45:09.0016 5952	PNRPsvc - ok
08:45:09.0063 5952	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
08:45:09.0094 5952	PolicyAgent - ok
08:45:09.0141 5952	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
08:45:09.0172 5952	Power - ok
08:45:09.0235 5952	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
08:45:09.0282 5952	PptpMiniport - ok
08:45:09.0282 5952	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
08:45:09.0297 5952	Processor - ok
08:45:09.0360 5952	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
08:45:09.0406 5952	ProfSvc - ok
08:45:09.0438 5952	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:09.0453 5952	ProtectedStorage - ok
08:45:09.0500 5952	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\windows\system32\PSIService.exe
08:45:09.0531 5952	ProtexisLicensing - ok
08:45:09.0578 5952	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
08:45:09.0625 5952	Psched - ok
08:45:09.0734 5952	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
08:45:09.0796 5952	ql2300 - ok
08:45:09.0906 5952	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
08:45:09.0937 5952	ql40xx - ok
08:45:09.0968 5952	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
08:45:09.0984 5952	QWAVE - ok
08:45:09.0999 5952	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
08:45:10.0030 5952	QWAVEdrv - ok
08:45:10.0046 5952	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
08:45:10.0093 5952	RasAcd - ok
08:45:10.0124 5952	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
08:45:10.0171 5952	RasAgileVpn - ok
08:45:10.0186 5952	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
08:45:10.0218 5952	RasAuto - ok
08:45:10.0233 5952	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
08:45:10.0280 5952	Rasl2tp - ok
08:45:10.0311 5952	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
08:45:10.0342 5952	RasMan - ok
08:45:10.0374 5952	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
08:45:10.0420 5952	RasPppoe - ok
08:45:10.0452 5952	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
08:45:10.0483 5952	RasSstp - ok
08:45:10.0530 5952	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
08:45:10.0592 5952	rdbss - ok
08:45:10.0623 5952	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
08:45:10.0639 5952	rdpbus - ok
08:45:10.0670 5952	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
08:45:10.0701 5952	RDPCDD - ok
08:45:10.0732 5952	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
08:45:10.0764 5952	RDPENCDD - ok
08:45:10.0779 5952	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
08:45:10.0810 5952	RDPREFMP - ok
08:45:10.0857 5952	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
08:45:10.0920 5952	RDPWD - ok
08:45:10.0966 5952	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
08:45:11.0013 5952	rdyboost - ok
08:45:11.0044 5952	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
08:45:11.0076 5952	RemoteAccess - ok
08:45:11.0107 5952	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
08:45:11.0138 5952	RemoteRegistry - ok
08:45:11.0154 5952	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
08:45:11.0185 5952	RpcEptMapper - ok
08:45:11.0216 5952	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
08:45:11.0247 5952	RpcLocator - ok
08:45:11.0294 5952	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:45:11.0325 5952	RpcSs - ok
08:45:11.0372 5952	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
08:45:11.0403 5952	rspndr - ok
08:45:11.0450 5952	RTL8167         (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
08:45:11.0512 5952	RTL8167 - ok
08:45:11.0559 5952	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
08:45:11.0606 5952	SABI - ok
08:45:11.0637 5952	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:11.0668 5952	SamSs - ok
08:45:11.0715 5952	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
08:45:11.0731 5952	sbp2port - ok
08:45:11.0762 5952	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
08:45:11.0809 5952	SCardSvr - ok
08:45:11.0824 5952	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
08:45:11.0871 5952	scfilter - ok
08:45:11.0949 5952	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
08:45:12.0012 5952	Schedule - ok
08:45:12.0043 5952	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:45:12.0074 5952	SCPolicySvc - ok
08:45:12.0105 5952	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
08:45:12.0168 5952	SDRSVC - ok
08:45:12.0199 5952	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
08:45:12.0261 5952	secdrv - ok
08:45:12.0292 5952	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
08:45:12.0324 5952	seclogon - ok
08:45:12.0324 5952	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
08:45:12.0370 5952	SENS - ok
08:45:12.0402 5952	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
08:45:12.0417 5952	SensrSvc - ok
08:45:12.0448 5952	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
08:45:12.0495 5952	Serenum - ok
08:45:12.0511 5952	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
08:45:12.0526 5952	Serial - ok
08:45:12.0573 5952	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
08:45:12.0604 5952	sermouse - ok
08:45:12.0667 5952	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
08:45:12.0729 5952	SessionEnv - ok
08:45:12.0760 5952	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
08:45:12.0792 5952	sffdisk - ok
08:45:12.0792 5952	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
08:45:12.0807 5952	sffp_mmc - ok
08:45:12.0823 5952	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
08:45:12.0838 5952	sffp_sd - ok
08:45:12.0870 5952	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
08:45:12.0901 5952	sfloppy - ok
08:45:12.0948 5952	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
08:45:12.0979 5952	ShellHWDetection - ok
08:45:13.0026 5952	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:45:13.0041 5952	sisagp - ok
08:45:13.0072 5952	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:45:13.0088 5952	SiSRaid2 - ok
08:45:13.0119 5952	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:45:13.0135 5952	SiSRaid4 - ok
08:45:13.0166 5952	SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys
08:45:13.0166 5952	SMARTMouseFilterx86 - ok
08:45:13.0197 5952	SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
08:45:13.0213 5952	SMARTVHidMini2000x86 - ok
08:45:13.0228 5952	SMARTVTabletPCx86 (cb07b494d60a0f31b12b01dee0fb251f) C:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys
08:45:13.0244 5952	SMARTVTabletPCx86 - ok
08:45:13.0291 5952	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:45:13.0322 5952	Smb - ok
08:45:13.0369 5952	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:45:13.0384 5952	SNMPTRAP - ok
08:45:13.0400 5952	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:45:13.0416 5952	spldr - ok
08:45:13.0478 5952	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:45:13.0509 5952	Spooler - ok
08:45:13.0759 5952	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:45:13.0868 5952	sppsvc - ok
08:45:13.0977 5952	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:45:14.0024 5952	sppuinotify - ok
08:45:14.0149 5952	sptd            (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
08:45:14.0149 5952	Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:45:14.0164 5952	sptd ( LockedFile.Multi.Generic ) - warning
08:45:14.0164 5952	sptd - detected LockedFile.Multi.Generic (1)
08:45:14.0258 5952	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:45:14.0289 5952	SQLBrowser - ok
08:45:14.0320 5952	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:45:14.0352 5952	SQLWriter - ok
08:45:14.0398 5952	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:45:14.0476 5952	srv - ok
08:45:14.0508 5952	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:45:14.0539 5952	srv2 - ok
08:45:14.0554 5952	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:45:14.0586 5952	srvnet - ok
08:45:14.0617 5952	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:45:14.0648 5952	SSDPSRV - ok
08:45:14.0695 5952	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
08:45:14.0710 5952	ssmdrv - ok
08:45:14.0726 5952	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:45:14.0757 5952	SstpSvc - ok
08:45:14.0788 5952	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:45:14.0804 5952	stexstor - ok
08:45:14.0851 5952	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:45:14.0898 5952	StiSvc - ok
08:45:14.0913 5952	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:45:14.0929 5952	swenum - ok
08:45:14.0960 5952	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:45:15.0007 5952	swprv - ok
08:45:15.0054 5952	SynTP           (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
08:45:15.0069 5952	SynTP - ok
08:45:15.0194 5952	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:45:15.0256 5952	SysMain - ok
08:45:15.0303 5952	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:45:15.0334 5952	TabletInputService - ok
08:45:15.0366 5952	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:45:15.0412 5952	TapiSrv - ok
08:45:15.0444 5952	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:45:15.0475 5952	TBS - ok
08:45:15.0631 5952	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:45:15.0693 5952	Tcpip - ok
08:45:15.0724 5952	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:45:15.0756 5952	TCPIP6 - ok
08:45:15.0787 5952	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:45:15.0849 5952	tcpipreg - ok
08:45:15.0896 5952	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:45:15.0912 5952	TDPIPE - ok
08:45:15.0912 5952	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:45:15.0943 5952	TDTCP - ok
08:45:15.0974 5952	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:45:16.0005 5952	tdx - ok
08:45:16.0052 5952	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:45:16.0068 5952	TermDD - ok
08:45:16.0130 5952	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:45:16.0177 5952	TermService - ok
08:45:16.0208 5952	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:45:16.0224 5952	Themes - ok
08:45:16.0255 5952	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:45:16.0286 5952	THREADORDER - ok
08:45:16.0302 5952	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:45:16.0333 5952	TrkWks - ok
08:45:16.0395 5952	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:45:16.0458 5952	TrustedInstaller - ok
08:45:16.0489 5952	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:45:16.0504 5952	tssecsrv - ok
08:45:16.0567 5952	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:45:16.0598 5952	TsUsbFlt - ok
08:45:16.0660 5952	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:45:16.0723 5952	tunnel - ok
08:45:16.0754 5952	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:45:16.0770 5952	uagp35 - ok
08:45:16.0816 5952	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:45:16.0848 5952	udfs - ok
08:45:16.0879 5952	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:45:16.0910 5952	UI0Detect - ok
08:45:16.0941 5952	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:45:16.0972 5952	uliagpkx - ok
08:45:17.0019 5952	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:45:17.0035 5952	umbus - ok
08:45:17.0050 5952	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:45:17.0066 5952	UmPass - ok
08:45:17.0097 5952	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:45:17.0128 5952	upnphost - ok
08:45:17.0175 5952	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
08:45:17.0191 5952	usbccgp - ok
08:45:17.0238 5952	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:45:17.0269 5952	usbcir - ok
08:45:17.0300 5952	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
08:45:17.0347 5952	usbehci - ok
08:45:17.0409 5952	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
08:45:17.0472 5952	usbhub - ok
08:45:17.0518 5952	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
08:45:17.0534 5952	usbohci - ok
08:45:17.0581 5952	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:45:17.0596 5952	usbprint - ok
08:45:17.0643 5952	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
08:45:17.0659 5952	usbscan - ok
08:45:17.0706 5952	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:45:17.0721 5952	USBSTOR - ok
08:45:17.0768 5952	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
08:45:17.0784 5952	usbuhci - ok
08:45:17.0846 5952	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
08:45:17.0908 5952	usbvideo - ok
08:45:17.0940 5952	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:45:17.0986 5952	UxSms - ok
08:45:18.0018 5952	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:45:18.0033 5952	VaultSvc - ok
08:45:18.0096 5952	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:45:18.0111 5952	vdrvroot - ok
08:45:18.0174 5952	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:45:18.0220 5952	vds - ok
08:45:18.0252 5952	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:45:18.0267 5952	vga - ok
08:45:18.0283 5952	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:45:18.0314 5952	VgaSave - ok
08:45:18.0361 5952	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:45:18.0376 5952	vhdmp - ok
08:45:18.0408 5952	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:45:18.0423 5952	viaagp - ok
08:45:18.0454 5952	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:45:18.0470 5952	ViaC7 - ok
08:45:18.0470 5952	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:45:18.0486 5952	viaide - ok
08:45:18.0517 5952	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:45:18.0532 5952	volmgr - ok
08:45:18.0564 5952	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:45:18.0579 5952	volmgrx - ok
08:45:18.0610 5952	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:45:18.0642 5952	volsnap - ok
08:45:18.0673 5952	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:45:18.0704 5952	vsmraid - ok
08:45:18.0813 5952	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:45:18.0860 5952	VSS - ok
08:45:18.0876 5952	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:45:18.0907 5952	vwifibus - ok
08:45:18.0954 5952	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:45:19.0000 5952	vwififlt - ok
08:45:19.0032 5952	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:45:19.0047 5952	vwifimp - ok
08:45:19.0094 5952	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:45:19.0125 5952	W32Time - ok
08:45:19.0172 5952	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:45:19.0188 5952	WacomPen - ok
08:45:19.0234 5952	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:45:19.0281 5952	WANARP - ok
08:45:19.0281 5952	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:45:19.0312 5952	Wanarpv6 - ok
08:45:19.0453 5952	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:45:19.0531 5952	wbengine - ok
08:45:19.0546 5952	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:45:19.0578 5952	WbioSrvc - ok
08:45:19.0624 5952	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:45:19.0656 5952	wcncsvc - ok
08:45:19.0671 5952	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:45:19.0702 5952	WcsPlugInService - ok
08:45:19.0780 5952	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:45:19.0796 5952	Wd - ok
08:45:19.0843 5952	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:45:19.0874 5952	Wdf01000 - ok
08:45:19.0890 5952	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:45:19.0952 5952	WdiServiceHost - ok
08:45:19.0952 5952	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:45:19.0968 5952	WdiSystemHost - ok
08:45:20.0030 5952	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:45:20.0061 5952	WebClient - ok
08:45:20.0092 5952	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:45:20.0124 5952	Wecsvc - ok
08:45:20.0155 5952	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:45:20.0186 5952	wercplsupport - ok
08:45:20.0217 5952	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:45:20.0248 5952	WerSvc - ok
08:45:20.0280 5952	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:45:20.0295 5952	WfpLwf - ok
08:45:20.0311 5952	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:45:20.0326 5952	WIMMount - ok
08:45:20.0326 5952	WinHttpAutoProxySvc - ok
08:45:20.0404 5952	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:45:20.0420 5952	Winmgmt - ok
08:45:20.0529 5952	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:45:20.0607 5952	WinRM - ok
08:45:20.0701 5952	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
08:45:20.0732 5952	WinUsb - ok
08:45:20.0810 5952	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:45:20.0857 5952	Wlansvc - ok
08:45:20.0872 5952	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:45:20.0888 5952	WmiAcpi - ok
08:45:20.0935 5952	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:45:20.0950 5952	wmiApSrv - ok
08:45:21.0075 5952	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:45:21.0138 5952	WMPNetworkSvc - ok
08:45:21.0169 5952	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:45:21.0200 5952	WPCSvc - ok
08:45:21.0231 5952	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:45:21.0278 5952	WPDBusEnum - ok
08:45:21.0340 5952	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:45:21.0403 5952	ws2ifsl - ok
08:45:21.0403 5952	WSearch - ok
08:45:21.0574 5952	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
08:45:21.0668 5952	wuauserv - ok
08:45:21.0793 5952	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:45:21.0840 5952	WudfPf - ok
08:45:21.0871 5952	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:45:21.0902 5952	WUDFRd - ok
08:45:21.0949 5952	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:45:21.0980 5952	wudfsvc - ok
08:45:22.0027 5952	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:45:22.0042 5952	WwanSvc - ok
08:45:22.0136 5952	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:45:22.0542 5952	\Device\Harddisk0\DR0 - ok
08:45:22.0542 5952	Boot (0x1200)   (f19731e6fe94b6ae3e1f3e18bd062d9a) \Device\Harddisk0\DR0\Partition0
08:45:22.0542 5952	\Device\Harddisk0\DR0\Partition0 - ok
08:45:22.0573 5952	Boot (0x1200)   (1cf201412f0213464cb101bf59833b11) \Device\Harddisk0\DR0\Partition1
08:45:22.0573 5952	\Device\Harddisk0\DR0\Partition1 - ok
08:45:22.0588 5952	Boot (0x1200)   (9dadb1f068c32f9436258323a47f7f23) \Device\Harddisk0\DR0\Partition2
08:45:22.0604 5952	\Device\Harddisk0\DR0\Partition2 - ok
08:45:22.0604 5952	============================================================
08:45:22.0604 5952	Scan finished
08:45:22.0604 5952	============================================================
08:45:22.0620 5456	Detected object count: 3
08:45:22.0620 5456	Actual detected object count: 3
08:45:42.0681 5456	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:45:42.0681 5456	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:45:42.0681 5456	pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
08:45:42.0681 5456	pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:45:42.0697 5456	sptd ( LockedFile.Multi.Generic ) - skipped by user
08:45:42.0697 5456	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 13.06.2012, 10:31   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Ja den Stick kannst du anstecken, durch das Deaktivieren der Autowiedergabe wird auch nichts automatisch ausgeführt

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.06.2012, 11:37   #13
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Hilfe. Ich hab den Echtzeitscanner ausgeschalten. Trotzdem meldet ComboFix, dass "folgende Real-Time-Scanner aktiv sind:
antivirus: Avira Desktop
antispyware: Avira Desktop"

Habe schon in der Hilfe und in Foren nach Deaktivieren gesucht, jedoch nichts anderes gefunden, als das was ich gemacht habe. Was soll ich tun (muss ich es deinstallieren, das ist noch eine andere Möglichkeit die ich gefunden habe...)

Jetzt bin ich noch über die Systemsteuerung rein "Sytem und Sicherheit" Muss ich vielleicht hier unter Allgemeines Warnungen die Häkchen alle wegmachen?

Sorry, dass ich mich so dumm anstelle

Hallo,

ich habe jetzt in der Konfiguration auch bei "Allgemeines" - "Sicherheit" alle Häkchen weggemacht - dacht, das ist es und habe dann auf ok bei ComboFix geclickt. Das meldet jetzt:

"antivirus: Avira Desktop
antispyware: Avira Desktop

Die obigen Real-Time-Scanner sind immer noch aktivv aber ComboFix wird trotzdem mit dem Scuhlauf fortfahren. Bitte nehme zur Kenntnis, das dies in eigener Verantwortung geschieht"

Ich kann nur OK und nicht ABBRECHEN klicken...

Was kann ich tun?

Gruß,
Magnetiseur

Also ich denke, jetzt habe ich es doch geschafft ComboFix richtig auszuführen (habe Antivir deninstalliert) Entschuldige bitte nochmal, dass ich mit den Fragen danach - für dich wahrscheinlich Kleinigkeiten - genervt habe. Hat das jetzt auch die 2 (ziemlich sicher infizierten) USB-Sticks, die wärenddessen eingesteckt waren, gescannt und gereinigt bzw. wenn nicht, mit welchem Programm/Tool kann ich das tun?
Es folgt das ComboFix-Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-13.01 - Sarah 13.06.2012  15:06:38.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1870 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 13:13 . 2012-06-13 13:15	--------	d-----w-	c:\users\Sarah\AppData\Local\temp
2012-06-13 13:13 . 2012-06-13 13:13	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-06-13 13:13 . 2012-06-13 13:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-13 10:35 . 2012-05-17 22:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-13 10:35 . 2012-05-17 23:21	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 10:35 . 2012-05-17 22:31	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 10:35 . 2012-05-17 22:31	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-06-13 06:41 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:41 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 06:41 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 06:41 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:41 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-12 05:53 . 2012-06-12 05:53	--------	d-----w-	C:\_OTL
2012-06-10 19:51 . 2012-06-10 19:51	--------	d-----w-	c:\program files\ESET
2012-06-09 11:32 . 2012-06-09 11:32	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:32 . 2012-06-09 11:32	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 17:36 . 2012-06-08 17:36	--------	d-----w-	c:\programdata\HitmanPro
2012-06-08 10:37 . 2012-06-08 10:37	--------	d-----w-	c:\program files\madagaskar
2012-06-08 10:37 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-08 10:34 . 2012-06-08 10:34	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-08 09:53 . 2012-06-08 09:53	--------	d-----w-	c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1
2012-06-08 09:47 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADDEA680-1ACE-4137-8456-D23A24763456}\mpengine.dll
2012-06-03 13:34 . 2012-06-03 13:34	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 13:34 . 2012-02-02 22:23	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:39 . 2012-05-09 19:33	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 19:33	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:23 . 2012-05-09 19:34	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-27 18:41 . 2009-12-08 17:23	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-27 18:41 . 2010-11-05 17:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-27 18:41 . 2010-01-06 07:55	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-19 21:22 . 2010-05-04 07:35	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-19 20:59 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-03-17 07:27 . 2012-05-09 19:33	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-06-09 11:32 . 2011-05-16 19:24	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 98304]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-01-05 3372328]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-01-05 1053992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\madagaskar\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2010-1-7 356352]
SMART Board-Werkzeuge.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 257696]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-19 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S2 MBAMService;MBAMService;c:\program files\madagaskar\mbamservice.exe [2012-04-04 654408]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 13:34]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-CPN Notifier - c:\program files\Cake Poker 2.0\PokerNotifier.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Umwelt Technik Arbeitsblätter 2 - c:\windows\IsUn0407.exe
AddRemove-Winload Toolbar - c:\progra~1\Winload\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(632)
c:\program files\SMART Technologies\SMART Product Drivers\UtahHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\SMART Technologies\SMART Product Drivers\Aware.exe
c:\program files\SMART Technologies\SMART Product Drivers\Marker.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-13  15:20:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 13:20
.
Vor Suchlauf: 12 Verzeichnis(se), 94.420.967.424 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 94.291.087.360 Bytes frei
.
- - End Of File - - C7A489ED39E8F7822C2F1CE300F4BD47
         
--- --- ---

Alt 13.06.2012, 16:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Folder::
c:\windows\system32\%APPDATA%
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.06.2012, 21:40   #15
Magnetiseur
 
Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Standard

Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da



Ok, hier das nächste Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-13.04 - Sarah 13.06.2012  20:30:27.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1743 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sarah\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1
c:\programdata\F4D55F3B00017A63000BC0D3B4EB23C1\F4D55F3B00017A63000BC0D3B4EB23C1
c:\windows\system32\%APPDATA%
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 18:38 . 2012-06-13 18:38	--------	d-----w-	c:\users\Sarah\AppData\Local\temp
2012-06-13 18:38 . 2012-06-13 18:38	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2012-06-13 18:38 . 2012-06-13 18:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-13 15:21 . 2012-06-13 15:21	4126880	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-06-13 15:08 . 2012-06-13 15:08	--------	d-----w-	c:\program files\Common Files\Skype
2012-06-13 14:54 . 2012-06-13 14:54	--------	d-----w-	c:\users\Sarah\AppData\Local\Macromedia
2012-06-13 14:51 . 2012-06-13 14:51	--------	d-----w-	c:\programdata\Apple Computer
2012-06-13 14:48 . 2012-06-13 14:48	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-13 14:33 . 2012-06-13 14:33	--------	d-----w-	c:\users\Sarah\AppData\Local\Secunia PSI
2012-06-13 14:33 . 2012-06-13 14:33	--------	d-----w-	c:\program files\Secunia
2012-06-13 10:35 . 2012-05-17 22:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-13 10:35 . 2012-05-17 23:21	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 10:35 . 2012-05-17 22:31	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 10:35 . 2012-05-17 22:31	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-06-13 06:41 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:41 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 06:41 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 06:41 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:41 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-12 05:53 . 2012-06-12 05:53	--------	d-----w-	C:\_OTL
2012-06-10 19:51 . 2012-06-10 19:51	--------	d-----w-	c:\program files\ESET
2012-06-09 11:32 . 2012-06-09 11:32	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:32 . 2012-06-09 11:32	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 17:36 . 2012-06-08 17:36	--------	d-----w-	c:\programdata\HitmanPro
2012-06-08 10:37 . 2012-06-08 10:37	--------	d-----w-	c:\program files\madagaskar
2012-06-08 10:37 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-08 09:47 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADDEA680-1ACE-4137-8456-D23A24763456}\mpengine.dll
2012-06-03 13:34 . 2012-06-13 15:21	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 15:21 . 2012-02-02 22:23	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 14:48 . 2010-05-04 07:35	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-09 19:33	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 19:33	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:23 . 2012-05-09 19:34	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-27 18:41 . 2009-12-08 17:23	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-27 18:41 . 2010-11-05 17:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-27 18:41 . 2010-01-06 07:55	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-19 20:59 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-03-17 07:27 . 2012-05-09 19:33	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-06-09 11:32 . 2011-05-16 19:24	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-01-05 3372328]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-01-05 1053992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware"="c:\program files\madagaskar\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2010-1-7 356352]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
SMART Board-Werkzeuge.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-5-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257696]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-19 691696]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S2 MBAMService;MBAMService;c:\program files\madagaskar\mbamservice.exe [2012-04-04 654408]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 15:21]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 14:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4F84A043-FD63-43E5-8299-06DDA3ED9C9F}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{57D0DCD6-B7E1-4D82-916B-816B68ACA0C5}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{9539C053-D6E2-4FA1-A6F6-49629EE48D8E}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x6grzyfh.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13  20:47:14
ComboFix-quarantined-files.txt  2012-06-13 18:47
ComboFix2.txt  2012-06-13 13:20
.
Vor Suchlauf: 15 Verzeichnis(se), 92.251.070.464 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 92.079.673.344 Bytes frei
.
- - End Of File - - 009475CDDF7289FBEACB488D2E874126
         
--- --- ---


Vielen Dank mal wieder und Gruß,
Magnetiseur

Antwort

Themen zu Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da
80000000.@, 800000cb.@, administrator, alternate, anti-malware, antivir, conduit, dateisystem, entfernen, explorer, forum, heuristiks/extra, heuristiks/shuriken, infizierte, live, live security platinum, malwarebyte auswertung, malwarebytes, platinum, plötzlich, programm, quarantäne, rechner, rootkit.0access, searchscopes, security, service, speicher, taskhost.exe, thema, trojan.sirefef, trojan.small, version, version=1.0, winload toolbar



Ähnliche Themen: Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da


  1. Malwarebytes meldet infizierten Laptop.
    Log-Analyse und Auswertung - 20.12.2013 (5)
  2. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  3. Live Security Platinum - leider mal wieder
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (33)
  4. Live Security Platinum eingefangen - wie werde ich den wieder los?
    Log-Analyse und Auswertung - 20.09.2012 (28)
  5. Der Metz wieder: live security platinum legt Rechner Lahm
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (9)
  6. LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (16)
  7. Live Security Platinum und dessen Anhang - mal wieder
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (1)
  8. LIVE SECURITY PLATINUM: kein Browser ruft Webseiten auf - habe versehentlich alle Malwarebytes-Funde entfernt
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (1)
  9. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (5)
  10. Live Security Platinum wieder entfernen?
    Log-Analyse und Auswertung - 24.07.2012 (27)
  11. (2x) Live Security Platinum - keine .exe Dateien möglich
    Mülltonne - 23.07.2012 (1)
  12. Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (2)
  13. Live Security Platinum auf dem Laptop mit Logfiles - ist nun nach Malwarebytes alles gut?
    Mülltonne - 20.07.2012 (0)
  14. Live Security Platinum entfernen - hier mein Malwarebytes scan
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  15. Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (33)
  16. PC wiederholt verseucht mit "Live Security Platinum", jetzt wieder sauber?
    Log-Analyse und Auswertung - 21.06.2012 (1)
  17. Sind die infizierten Dateien schlimm?
    Mülltonne - 19.02.2010 (1)

Zum Thema Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da - Hallo, ich bitte um eure Hilfe. Heute mittag meldetet sich plötzlich ein Programm namens "Live Security Platinum" auf dem PC meiner Freundin. Nach chaotischer Googlesuche (ich habe leider sehr wenig - Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da...
Archiv
Du betrachtest: Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.