
Pests of all kinds and how to fight them: Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

11.06.2012, 15:42   #16
IceCube
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF


Code:
16:38:29.0518 1160	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:38:29.0689 1160	============================================================
16:38:29.0689 1160	Current date / time: 2012/06/11 16:38:29.0689
16:38:29.0689 1160	SystemInfo:
16:38:29.0689 1160	
16:38:29.0689 1160	OS Version: 6.1.7601 ServicePack: 1.0
16:38:29.0689 1160	Product type: Workstation
16:38:29.0689 1160	ComputerName: BONNY-PC
16:38:29.0689 1160	UserName: bonny
16:38:29.0689 1160	Windows directory: C:\Windows
16:38:29.0689 1160	System windows directory: C:\Windows
16:38:29.0689 1160	Running under WOW64
16:38:29.0689 1160	Processor architecture: Intel x64
16:38:29.0689 1160	Number of processors: 2
16:38:29.0689 1160	Page size: 0x1000
16:38:29.0689 1160	Boot type: Normal boot
16:38:29.0689 1160	============================================================
16:38:30.0236 1160	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:30.0241 1160	============================================================
16:38:30.0241 1160	\Device\Harddisk0\DR0:
16:38:30.0242 1160	MBR partitions:
16:38:30.0242 1160	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
16:38:30.0242 1160	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
16:38:30.0242 1160	============================================================
16:38:30.0275 1160	C: <-> \Device\Harddisk0\DR0\Partition1
16:38:30.0275 1160	============================================================
16:38:30.0275 1160	Initialize success
16:38:30.0275 1160	============================================================
16:39:00.0104 0600	============================================================
16:39:00.0104 0600	Scan started
16:39:00.0104 0600	Mode: Manual; SigCheck; TDLFS; 
16:39:00.0104 0600	============================================================
16:39:00.0564 0600	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:39:00.0670 0600	1394ohci - ok
16:39:00.0699 0600	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:39:00.0727 0600	ACPI - ok
16:39:00.0764 0600	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:39:00.0853 0600	AcpiPmi - ok
16:39:00.0990 0600	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:39:01.0010 0600	AdobeARMservice - ok
16:39:01.0122 0600	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:39:01.0155 0600	AdobeFlashPlayerUpdateSvc - ok
16:39:01.0227 0600	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:39:01.0273 0600	adp94xx - ok
16:39:01.0340 0600	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:39:01.0371 0600	adpahci - ok
16:39:01.0418 0600	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:39:01.0449 0600	adpu320 - ok
16:39:01.0480 0600	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:39:01.0621 0600	AeLookupSvc - ok
16:39:01.0683 0600	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:39:01.0777 0600	AFD - ok
16:39:01.0823 0600	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:39:01.0855 0600	agp440 - ok
16:39:01.0870 0600	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:39:01.0964 0600	ALG - ok
16:39:02.0011 0600	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:39:02.0026 0600	aliide - ok
16:39:02.0057 0600	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
16:39:02.0182 0600	AMD External Events Utility - ok
16:39:02.0213 0600	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:39:02.0245 0600	amdide - ok
16:39:02.0276 0600	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:39:02.0341 0600	AmdK8 - ok
16:39:02.0904 0600	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:03.0245 0600	amdkmdag - ok
16:39:03.0387 0600	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:39:03.0434 0600	amdkmdap - ok
16:39:03.0496 0600	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:39:03.0528 0600	AmdPPM - ok
16:39:03.0574 0600	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:39:03.0590 0600	amdsata - ok
16:39:03.0652 0600	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:39:03.0699 0600	amdsbs - ok
16:39:03.0715 0600	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:39:03.0715 0600	amdxata - ok
16:39:03.0762 0600	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:39:03.0964 0600	AppID - ok
16:39:03.0980 0600	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:39:04.0027 0600	AppIDSvc - ok
16:39:04.0089 0600	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:39:04.0152 0600	Appinfo - ok
16:39:04.0198 0600	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:39:04.0214 0600	arc - ok
16:39:04.0230 0600	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:39:04.0245 0600	arcsas - ok
16:39:04.0261 0600	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:39:04.0351 0600	AsyncMac - ok
16:39:04.0386 0600	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:39:04.0400 0600	atapi - ok
16:39:04.0489 0600	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
16:39:04.0598 0600	athr - ok
16:39:05.0259 0600	atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:05.0392 0600	atikmdag - ok
16:39:05.0548 0600	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:39:05.0642 0600	AudioEndpointBuilder - ok
16:39:05.0657 0600	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:39:05.0704 0600	AudioSrv - ok
16:39:05.0767 0600	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:39:05.0876 0600	AxInstSV - ok
16:39:05.0954 0600	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:39:06.0032 0600	b06bdrv - ok
16:39:06.0063 0600	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:39:06.0125 0600	b57nd60a - ok
16:39:06.0297 0600	BCM43XX         (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:39:06.0433 0600	BCM43XX - ok
16:39:06.0524 0600	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:39:06.0576 0600	BDESVC - ok
16:39:06.0621 0600	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:39:06.0700 0600	Beep - ok
16:39:06.0794 0600	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:39:06.0900 0600	BFE - ok
16:39:06.0978 0600	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:39:07.0085 0600	BITS - ok
16:39:07.0151 0600	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:39:07.0190 0600	blbdrive - ok
16:39:07.0242 0600	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:39:07.0277 0600	bowser - ok
16:39:07.0300 0600	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:39:07.0378 0600	BrFiltLo - ok
16:39:07.0409 0600	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:39:07.0441 0600	BrFiltUp - ok
16:39:07.0472 0600	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:39:07.0534 0600	Browser - ok
16:39:07.0565 0600	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:39:07.0643 0600	Brserid - ok
16:39:07.0659 0600	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:39:07.0690 0600	BrSerWdm - ok
16:39:07.0721 0600	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:39:07.0768 0600	BrUsbMdm - ok
16:39:07.0784 0600	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:39:07.0831 0600	BrUsbSer - ok
16:39:07.0846 0600	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:39:07.0877 0600	BTHMODEM - ok
16:39:07.0924 0600	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:39:07.0987 0600	bthserv - ok
16:39:08.0033 0600	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:39:08.0080 0600	cdfs - ok
16:39:08.0143 0600	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:39:08.0174 0600	cdrom - ok
16:39:08.0236 0600	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:39:08.0314 0600	CertPropSvc - ok
16:39:08.0345 0600	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:39:08.0387 0600	circlass - ok
16:39:08.0430 0600	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:39:08.0459 0600	CLFS - ok
16:39:08.0513 0600	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:39:08.0533 0600	clr_optimization_v2.0.50727_32 - ok
16:39:08.0572 0600	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:39:08.0589 0600	clr_optimization_v2.0.50727_64 - ok
16:39:08.0670 0600	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:39:08.0688 0600	clr_optimization_v4.0.30319_32 - ok
16:39:08.0742 0600	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:39:08.0762 0600	clr_optimization_v4.0.30319_64 - ok
16:39:08.0793 0600	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:39:08.0822 0600	CmBatt - ok
16:39:08.0848 0600	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:39:08.0861 0600	cmdide - ok
16:39:08.0916 0600	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:39:08.0974 0600	CNG - ok
16:39:09.0008 0600	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:39:09.0022 0600	Compbatt - ok
16:39:09.0059 0600	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:39:09.0092 0600	CompositeBus - ok
16:39:09.0106 0600	COMSysApp - ok
16:39:09.0128 0600	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:39:09.0141 0600	crcdisk - ok
16:39:09.0188 0600	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:39:09.0255 0600	CryptSvc - ok
16:39:09.0292 0600	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:39:09.0364 0600	DcomLaunch - ok
16:39:09.0442 0600	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:39:09.0533 0600	defragsvc - ok
16:39:09.0582 0600	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:39:09.0636 0600	DfsC - ok
16:39:09.0676 0600	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:39:09.0743 0600	Dhcp - ok
16:39:09.0765 0600	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:39:09.0804 0600	discache - ok
16:39:09.0859 0600	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:39:09.0884 0600	Disk - ok
16:39:09.0990 0600	DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
16:39:10.0002 0600	DKbFltr - ok
16:39:10.0040 0600	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:39:10.0085 0600	Dnscache - ok
16:39:10.0122 0600	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:39:10.0197 0600	dot3svc - ok
16:39:10.0226 0600	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:39:10.0278 0600	DPS - ok
16:39:10.0320 0600	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:39:10.0338 0600	drmkaud - ok
16:39:10.0406 0600	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:39:10.0447 0600	DXGKrnl - ok
16:39:10.0461 0600	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:39:10.0523 0600	EapHost - ok
16:39:10.0695 0600	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:39:10.0835 0600	ebdrv - ok
16:39:10.0929 0600	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:39:10.0991 0600	EFS - ok
16:39:11.0069 0600	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:39:11.0163 0600	ehRecvr - ok
16:39:11.0194 0600	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:39:11.0257 0600	ehSched - ok
16:39:11.0335 0600	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:39:11.0397 0600	elxstor - ok
16:39:11.0491 0600	ePowerSvc       (8e910f796f5f30281cdd24aba47ddea2) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
16:39:11.0569 0600	ePowerSvc - ok
16:39:11.0693 0600	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:39:11.0725 0600	ErrDev - ok
16:39:11.0787 0600	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:39:11.0881 0600	EventSystem - ok
16:39:11.0912 0600	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:39:11.0959 0600	exfat - ok
16:39:11.0990 0600	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:39:12.0037 0600	fastfat - ok
16:39:12.0115 0600	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:39:12.0177 0600	Fax - ok
16:39:12.0193 0600	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:39:12.0208 0600	fdc - ok
16:39:12.0239 0600	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:39:12.0319 0600	fdPHost - ok
16:39:12.0341 0600	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:39:12.0408 0600	FDResPub - ok
16:39:12.0444 0600	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:39:12.0459 0600	FileInfo - ok
16:39:12.0469 0600	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:39:12.0523 0600	Filetrace - ok
16:39:12.0558 0600	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:39:12.0585 0600	flpydisk - ok
16:39:12.0643 0600	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:39:12.0681 0600	FltMgr - ok
16:39:12.0757 0600	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:39:12.0879 0600	FontCache - ok
16:39:12.0938 0600	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:12.0954 0600	FontCache3.0.0.0 - ok
16:39:13.0009 0600	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:39:13.0032 0600	FsDepends - ok
16:39:13.0055 0600	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:39:13.0077 0600	Fs_Rec - ok
16:39:13.0122 0600	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:39:13.0143 0600	fvevol - ok
16:39:13.0173 0600	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:39:13.0187 0600	gagp30kx - ok
16:39:13.0246 0600	GDPkIcpt        (290ddb8c97249f99569b77e9df2f76fc) C:\Windows\system32\drivers\PktIcpt.sys
16:39:13.0267 0600	GDPkIcpt - ok
16:39:13.0320 0600	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:39:13.0445 0600	gpsvc - ok
16:39:13.0554 0600	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
16:39:13.0632 0600	Greg_Service - ok
16:39:13.0710 0600	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:13.0742 0600	gupdate - ok
16:39:13.0757 0600	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:13.0773 0600	gupdatem - ok
16:39:13.0882 0600	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:39:13.0913 0600	hcw85cir - ok
16:39:13.0976 0600	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:39:14.0038 0600	HdAudAddService - ok
16:39:14.0100 0600	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:39:14.0147 0600	HDAudBus - ok
16:39:14.0178 0600	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:39:14.0210 0600	HidBatt - ok
16:39:14.0241 0600	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:39:14.0272 0600	HidBth - ok
16:39:14.0288 0600	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:39:14.0303 0600	HidIr - ok
16:39:14.0334 0600	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:39:14.0388 0600	hidserv - ok
16:39:14.0450 0600	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:39:14.0475 0600	HidUsb - ok
16:39:14.0506 0600	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:39:14.0546 0600	hkmsvc - ok
16:39:14.0590 0600	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:39:14.0666 0600	HomeGroupListener - ok
16:39:14.0690 0600	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:39:14.0708 0600	HomeGroupProvider - ok
16:39:14.0757 0600	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:39:14.0780 0600	HpSAMD - ok
16:39:14.0847 0600	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:39:14.0948 0600	HTTP - ok
16:39:14.0980 0600	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:39:14.0994 0600	hwpolicy - ok
16:39:15.0049 0600	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:39:15.0074 0600	i8042prt - ok
16:39:15.0185 0600	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:39:15.0232 0600	IAANTMON - ok
16:39:15.0269 0600	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
16:39:15.0286 0600	iaStor - ok
16:39:15.0360 0600	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:39:15.0399 0600	iaStorV - ok
16:39:15.0508 0600	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:15.0570 0600	idsvc - ok
16:39:15.0882 0600	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:39:16.0070 0600	igfx - ok
16:39:16.0194 0600	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:39:16.0226 0600	iirsp - ok
16:39:16.0304 0600	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:39:16.0394 0600	IKEEXT - ok
16:39:16.0521 0600	IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
16:39:16.0563 0600	IntcAzAudAddService - ok
16:39:16.0689 0600	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:39:16.0711 0600	intelide - ok
16:39:16.0743 0600	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:39:16.0787 0600	intelppm - ok
16:39:16.0829 0600	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:39:16.0896 0600	IPBusEnum - ok
16:39:16.0936 0600	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:16.0992 0600	IpFilterDriver - ok
16:39:17.0041 0600	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:39:17.0114 0600	iphlpsvc - ok
16:39:17.0149 0600	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:39:17.0165 0600	IPMIDRV - ok
16:39:17.0199 0600	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:39:17.0255 0600	IPNAT - ok
16:39:17.0276 0600	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:39:17.0363 0600	IRENUM - ok
16:39:17.0403 0600	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:39:17.0488 0600	isapnp - ok
16:39:17.0517 0600	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:39:17.0553 0600	iScsiPrt - ok
16:39:17.0566 0600	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:39:17.0579 0600	kbdclass - ok
16:39:17.0590 0600	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:39:17.0605 0600	kbdhid - ok
16:39:17.0626 0600	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:39:17.0639 0600	KeyIso - ok
16:39:17.0657 0600	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:39:17.0672 0600	KSecDD - ok
16:39:17.0694 0600	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:39:17.0711 0600	KSecPkg - ok
16:39:17.0733 0600	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:39:17.0778 0600	ksthunk - ok
16:39:17.0846 0600	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:39:17.0909 0600	KtmRm - ok
16:39:17.0975 0600	L1C             (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:39:18.0023 0600	L1C - ok
16:39:18.0065 0600	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:39:18.0125 0600	LanmanServer - ok
16:39:18.0153 0600	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:39:18.0201 0600	LanmanWorkstation - ok
16:39:18.0244 0600	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:39:18.0294 0600	lltdio - ok
16:39:18.0340 0600	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:39:18.0427 0600	lltdsvc - ok
16:39:18.0458 0600	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:39:18.0490 0600	lmhosts - ok
16:39:18.0521 0600	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:39:18.0536 0600	LSI_FC - ok
16:39:18.0568 0600	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:39:18.0583 0600	LSI_SAS - ok
16:39:18.0599 0600	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:39:18.0614 0600	LSI_SAS2 - ok
16:39:18.0630 0600	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:39:18.0646 0600	LSI_SCSI - ok
16:39:18.0661 0600	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:39:18.0708 0600	luafv - ok
16:39:18.0755 0600	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:39:18.0770 0600	MBAMProtector - ok
16:39:18.0880 0600	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:39:18.0942 0600	MBAMService - ok
16:39:18.0973 0600	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:39:19.0004 0600	Mcx2Svc - ok
16:39:19.0036 0600	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:39:19.0051 0600	megasas - ok
16:39:19.0067 0600	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:39:19.0098 0600	MegaSR - ok
16:39:19.0160 0600	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:39:19.0176 0600	Microsoft Office Groove Audit Service - ok
16:39:19.0223 0600	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:39:19.0285 0600	MMCSS - ok
16:39:19.0316 0600	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:39:19.0397 0600	Modem - ok
16:39:19.0431 0600	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:39:19.0458 0600	monitor - ok
16:39:19.0503 0600	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:39:19.0525 0600	mouclass - ok
16:39:19.0557 0600	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:39:19.0584 0600	mouhid - ok
16:39:19.0618 0600	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:39:19.0633 0600	mountmgr - ok
16:39:19.0690 0600	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:39:19.0712 0600	MozillaMaintenance - ok
16:39:19.0765 0600	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:39:19.0789 0600	MpFilter - ok
16:39:19.0826 0600	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:39:19.0842 0600	mpio - ok
16:39:19.0869 0600	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:39:19.0907 0600	mpsdrv - ok
16:39:19.0977 0600	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:39:20.0077 0600	MpsSvc - ok
16:39:20.0111 0600	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:39:20.0148 0600	MRxDAV - ok
16:39:20.0183 0600	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:39:20.0236 0600	mrxsmb - ok
16:39:20.0284 0600	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:39:20.0330 0600	mrxsmb10 - ok
16:39:20.0351 0600	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:39:20.0366 0600	mrxsmb20 - ok
16:39:20.0398 0600	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:39:20.0413 0600	msahci - ok
16:39:20.0507 0600	MSCamSvc        (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
16:39:20.0538 0600	MSCamSvc - ok
16:39:20.0554 0600	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:39:20.0569 0600	msdsm - ok
16:39:20.0600 0600	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:39:20.0632 0600	MSDTC - ok
16:39:20.0678 0600	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:39:20.0725 0600	Msfs - ok
16:39:20.0725 0600	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:39:20.0788 0600	mshidkmdf - ok
16:39:20.0834 0600	MSHUSBVideo     (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
16:39:20.0850 0600	MSHUSBVideo - ok
16:39:20.0881 0600	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:39:20.0897 0600	msisadrv - ok
16:39:20.0928 0600	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:39:21.0022 0600	MSiSCSI - ok
16:39:21.0022 0600	msiserver - ok
16:39:21.0053 0600	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:39:21.0115 0600	MSKSSRV - ok
16:39:21.0162 0600	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:39:21.0193 0600	MsMpSvc - ok
16:39:21.0209 0600	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:21.0271 0600	MSPCLOCK - ok
16:39:21.0302 0600	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:39:21.0349 0600	MSPQM - ok
16:39:21.0396 0600	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:39:21.0412 0600	MsRPC - ok
16:39:21.0458 0600	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:39:21.0474 0600	mssmbios - ok
16:39:21.0505 0600	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:39:21.0558 0600	MSTEE - ok
16:39:21.0579 0600	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:39:21.0615 0600	MTConfig - ok
16:39:21.0640 0600	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:39:21.0655 0600	Mup - ok
16:39:21.0690 0600	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:39:21.0706 0600	mwlPSDFilter - ok
16:39:21.0723 0600	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:39:21.0732 0600	mwlPSDNServ - ok
16:39:21.0745 0600	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:39:21.0754 0600	mwlPSDVDisk - ok
16:39:21.0869 0600	MWLService      (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:39:21.0901 0600	MWLService - ok
16:39:21.0948 0600	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:39:22.0022 0600	napagent - ok
16:39:22.0085 0600	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:39:22.0142 0600	NativeWifiP - ok
16:39:22.0217 0600	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:39:22.0272 0600	NDIS - ok
16:39:22.0315 0600	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:39:22.0357 0600	NdisCap - ok
16:39:22.0385 0600	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:39:22.0435 0600	NdisTapi - ok
16:39:22.0454 0600	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:39:22.0516 0600	Ndisuio - ok
16:39:22.0548 0600	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:39:22.0604 0600	NdisWan - ok
16:39:22.0622 0600	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:39:22.0679 0600	NDProxy - ok
16:39:22.0726 0600	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:39:22.0789 0600	NetBIOS - ok
16:39:22.0838 0600	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:39:22.0890 0600	NetBT - ok
16:39:22.0921 0600	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:39:22.0935 0600	Netlogon - ok
16:39:23.0005 0600	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:39:23.0085 0600	Netman - ok
16:39:23.0120 0600	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:39:23.0201 0600	netprofm - ok
16:39:23.0259 0600	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:39:23.0271 0600	NetTcpPortSharing - ok
16:39:23.0305 0600	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:39:23.0320 0600	nfrd960 - ok
16:39:23.0358 0600	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:39:23.0371 0600	NisDrv - ok
16:39:23.0473 0600	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:39:23.0513 0600	NisSrv - ok
16:39:23.0574 0600	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:39:23.0653 0600	NlaSvc - ok
16:39:23.0676 0600	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:39:23.0715 0600	Npfs - ok
16:39:23.0743 0600	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:39:23.0802 0600	nsi - ok
16:39:23.0857 0600	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:39:23.0927 0600	nsiproxy - ok
16:39:24.0024 0600	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:39:24.0105 0600	Ntfs - ok
16:39:24.0197 0600	NTIBackupSvc    (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
16:39:24.0215 0600	NTIBackupSvc - ok
16:39:24.0326 0600	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
16:39:24.0338 0600	NTIDrvr - ok
16:39:24.0387 0600	NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
16:39:24.0413 0600	NTISchedulerSvc - ok
16:39:24.0442 0600	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:39:24.0500 0600	Null - ok
16:39:24.0553 0600	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:39:24.0572 0600	nvraid - ok
16:39:24.0611 0600	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:39:24.0640 0600	nvstor - ok
16:39:24.0665 0600	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:39:24.0682 0600	nv_agp - ok
16:39:24.0760 0600	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:39:24.0799 0600	odserv - ok
16:39:24.0826 0600	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:39:24.0853 0600	ohci1394 - ok
16:39:24.0929 0600	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:24.0943 0600	ose - ok
16:39:24.0989 0600	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:39:25.0049 0600	p2pimsvc - ok
16:39:25.0089 0600	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:39:25.0127 0600	p2psvc - ok
16:39:25.0161 0600	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:39:25.0178 0600	Parport - ok
16:39:25.0214 0600	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:39:25.0230 0600	partmgr - ok
16:39:25.0254 0600	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:39:25.0297 0600	PcaSvc - ok
16:39:25.0327 0600	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:39:25.0343 0600	pci - ok
16:39:25.0361 0600	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:39:25.0374 0600	pciide - ok
16:39:25.0401 0600	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:39:25.0420 0600	pcmcia - ok
16:39:25.0438 0600	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:39:25.0452 0600	pcw - ok
16:39:25.0495 0600	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:39:25.0576 0600	PEAUTH - ok
16:39:25.0644 0600	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:39:25.0675 0600	PerfHost - ok
16:39:25.0784 0600	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:39:25.0900 0600	pla - ok
16:39:25.0956 0600	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:39:26.0004 0600	PlugPlay - ok
16:39:26.0021 0600	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:39:26.0047 0600	PNRPAutoReg - ok
16:39:26.0079 0600	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:39:26.0097 0600	PNRPsvc - ok
16:39:26.0158 0600	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:39:26.0227 0600	PolicyAgent - ok
16:39:26.0266 0600	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:39:26.0323 0600	Power - ok
16:39:26.0400 0600	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:39:26.0455 0600	PptpMiniport - ok
16:39:26.0488 0600	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:39:26.0512 0600	Processor - ok
16:39:26.0574 0600	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:39:26.0669 0600	ProfSvc - ok
16:39:26.0696 0600	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:39:26.0709 0600	ProtectedStorage - ok
16:39:26.0745 0600	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:39:26.0801 0600	Psched - ok
16:39:26.0904 0600	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:39:26.0970 0600	ql2300 - ok
16:39:27.0077 0600	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:39:27.0098 0600	ql40xx - ok
16:39:27.0139 0600	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:39:27.0183 0600	QWAVE - ok
16:39:27.0201 0600	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:39:27.0245 0600	QWAVEdrv - ok
16:39:27.0285 0600	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:39:27.0393 0600	RasAcd - ok
16:39:27.0426 0600	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:39:27.0491 0600	RasAgileVpn - ok
16:39:27.0520 0600	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:39:27.0574 0600	RasAuto - ok
16:39:27.0614 0600	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:39:27.0685 0600	Rasl2tp - ok
16:39:27.0719 0600	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:39:27.0790 0600	RasMan - ok
16:39:27.0827 0600	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:39:27.0878 0600	RasPppoe - ok
16:39:27.0901 0600	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:39:27.0965 0600	RasSstp - ok
16:39:28.0024 0600	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:39:28.0088 0600	rdbss - ok
16:39:28.0130 0600	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:39:28.0167 0600	rdpbus - ok
16:39:28.0199 0600	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:39:28.0253 0600	RDPCDD - ok
16:39:28.0286 0600	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:39:28.0360 0600	RDPENCDD - ok
16:39:28.0390 0600	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:39:28.0434 0600	RDPREFMP - ok
16:39:28.0477 0600	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:39:28.0526 0600	RDPWD - ok
16:39:28.0593 0600	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:39:28.0623 0600	rdyboost - ok
16:39:28.0650 0600	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:39:28.0711 0600	RemoteAccess - ok
16:39:28.0754 0600	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:39:28.0862 0600	RemoteRegistry - ok
16:39:28.0892 0600	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:39:28.0945 0600	RpcEptMapper - ok
16:39:28.0965 0600	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:39:29.0013 0600	RpcLocator - ok
16:39:29.0074 0600	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:39:29.0157 0600	RpcSs - ok
16:39:29.0200 0600	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:39:29.0247 0600	rspndr - ok
16:39:29.0310 0600	RSUSBSTOR       (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
16:39:29.0359 0600	RSUSBSTOR - ok
16:39:29.0403 0600	s217bus         (b49951a2c8fd81307707443d01936e37) C:\Windows\system32\DRIVERS\s217bus.sys
16:39:29.0419 0600	s217bus - ok
16:39:29.0449 0600	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:39:29.0466 0600	SamSs - ok
16:39:29.0501 0600	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:39:29.0519 0600	sbp2port - ok
16:39:29.0555 0600	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:39:29.0609 0600	SCardSvr - ok
16:39:29.0638 0600	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:39:29.0684 0600	scfilter - ok
16:39:29.0783 0600	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:39:29.0871 0600	Schedule - ok
16:39:29.0889 0600	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:39:29.0936 0600	SCPolicySvc - ok
16:39:29.0975 0600	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:39:30.0028 0600	SDRSVC - ok
16:39:30.0084 0600	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:39:30.0146 0600	secdrv - ok
16:39:30.0181 0600	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:39:30.0233 0600	seclogon - ok
16:39:30.0273 0600	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:39:30.0326 0600	SENS - ok
16:39:30.0348 0600	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:39:30.0403 0600	SensrSvc - ok
16:39:30.0438 0600	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:39:30.0456 0600	Serenum - ok
16:39:30.0482 0600	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:39:30.0510 0600	Serial - ok
16:39:30.0567 0600	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:39:30.0598 0600	sermouse - ok
16:39:30.0633 0600	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:39:30.0687 0600	SessionEnv - ok
16:39:30.0701 0600	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:39:30.0741 0600	sffdisk - ok
16:39:30.0766 0600	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:39:30.0792 0600	sffp_mmc - ok
16:39:30.0807 0600	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:39:30.0839 0600	sffp_sd - ok
16:39:30.0873 0600	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:39:30.0901 0600	sfloppy - ok
16:39:30.0946 0600	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:39:31.0015 0600	SharedAccess - ok
16:39:31.0078 0600	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:39:31.0140 0600	ShellHWDetection - ok
16:39:31.0162 0600	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:39:31.0176 0600	SiSRaid2 - ok
16:39:31.0203 0600	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:39:31.0218 0600	SiSRaid4 - ok
16:39:31.0247 0600	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:39:31.0297 0600	Smb - ok
16:39:31.0345 0600	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:39:31.0379 0600	SNMPTRAP - ok
16:39:31.0402 0600	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:39:31.0415 0600	spldr - ok
16:39:31.0474 0600	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:39:31.0525 0600	Spooler - ok
16:39:31.0698 0600	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:39:31.0868 0600	sppsvc - ok
16:39:31.0979 0600	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:39:32.0063 0600	sppuinotify - ok
16:39:32.0141 0600	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:39:32.0187 0600	srv - ok
16:39:32.0238 0600	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:39:32.0291 0600	srv2 - ok
16:39:32.0317 0600	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:39:32.0350 0600	srvnet - ok
16:39:32.0394 0600	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:39:32.0450 0600	SSDPSRV - ok
16:39:32.0475 0600	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:39:32.0517 0600	SstpSvc - ok
16:39:32.0545 0600	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:39:32.0561 0600	stexstor - ok
16:39:32.0606 0600	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:39:32.0663 0600	stisvc - ok
16:39:32.0703 0600	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:39:32.0715 0600	swenum - ok
16:39:32.0769 0600	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:39:32.0840 0600	swprv - ok
16:39:32.0884 0600	SynTP           (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
16:39:32.0905 0600	SynTP - ok
16:39:33.0011 0600	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:39:33.0131 0600	SysMain - ok
16:39:33.0223 0600	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:39:33.0254 0600	TabletInputService - ok
16:39:33.0285 0600	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:39:33.0367 0600	TapiSrv - ok
16:39:33.0400 0600	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:39:33.0460 0600	TBS - ok
16:39:33.0616 0600	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:39:33.0658 0600	Tcpip - ok
16:39:33.0831 0600	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:39:33.0875 0600	TCPIP6 - ok
16:39:33.0950 0600	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:39:34.0022 0600	tcpipreg - ok
16:39:34.0068 0600	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:39:34.0086 0600	TDPIPE - ok
16:39:34.0113 0600	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:39:34.0146 0600	TDTCP - ok
16:39:34.0213 0600	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:39:34.0273 0600	tdx - ok
16:39:34.0302 0600	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:39:34.0317 0600	TermDD - ok
16:39:34.0379 0600	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:39:34.0457 0600	TermService - ok
16:39:34.0488 0600	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:39:34.0519 0600	Themes - ok
16:39:34.0535 0600	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:39:34.0586 0600	THREADORDER - ok
16:39:34.0605 0600	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:39:34.0666 0600	TrkWks - ok
16:39:34.0723 0600	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:39:34.0802 0600	TrustedInstaller - ok
16:39:34.0832 0600	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:39:34.0870 0600	tssecsrv - ok
16:39:34.0887 0600	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:39:34.0908 0600	TsUsbFlt - ok
16:39:34.0946 0600	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:39:34.0999 0600	tunnel - ok
16:39:35.0033 0600	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:39:35.0047 0600	uagp35 - ok
16:39:35.0066 0600	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
16:39:35.0075 0600	UBHelper - ok
16:39:35.0110 0600	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:39:35.0179 0600	udfs - ok
16:39:35.0207 0600	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:39:35.0225 0600	UI0Detect - ok
16:39:35.0250 0600	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:39:35.0264 0600	uliagpkx - ok
16:39:35.0309 0600	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:39:35.0350 0600	umbus - ok
16:39:35.0376 0600	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:39:35.0410 0600	UmPass - ok
16:39:35.0499 0600	Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:39:35.0521 0600	Updater Service - ok
16:39:35.0568 0600	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:39:35.0630 0600	upnphost - ok
16:39:35.0693 0600	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:39:35.0708 0600	usbaudio - ok
16:39:35.0755 0600	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:39:35.0771 0600	usbccgp - ok
16:39:35.0818 0600	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:39:35.0833 0600	usbcir - ok
16:39:35.0849 0600	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:39:35.0880 0600	usbehci - ok
16:39:35.0911 0600	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:39:35.0958 0600	usbhub - ok
16:39:35.0974 0600	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:39:36.0005 0600	usbohci - ok
16:39:36.0058 0600	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:39:36.0090 0600	usbprint - ok
16:39:36.0126 0600	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:39:36.0144 0600	usbscan - ok
16:39:36.0170 0600	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:39:36.0219 0600	USBSTOR - ok
16:39:36.0249 0600	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:39:36.0276 0600	usbuhci - ok
16:39:36.0332 0600	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:39:36.0363 0600	usbvideo - ok
16:39:36.0395 0600	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:39:36.0446 0600	UxSms - ok
16:39:36.0480 0600	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:39:36.0493 0600	VaultSvc - ok
16:39:36.0527 0600	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:39:36.0540 0600	vdrvroot - ok
16:39:36.0600 0600	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:39:36.0658 0600	vds - ok
16:39:36.0684 0600	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:39:36.0701 0600	vga - ok
16:39:36.0713 0600	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:39:36.0769 0600	VgaSave - ok
16:39:36.0809 0600	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:39:36.0826 0600	vhdmp - ok
16:39:36.0837 0600	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:39:36.0850 0600	viaide - ok
16:39:36.0871 0600	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:39:36.0886 0600	volmgr - ok
16:39:36.0930 0600	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:39:36.0966 0600	volmgrx - ok
16:39:37.0009 0600	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:39:37.0050 0600	volsnap - ok
16:39:37.0092 0600	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:39:37.0115 0600	vsmraid - ok
16:39:37.0207 0600	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:39:37.0315 0600	VSS - ok
16:39:37.0422 0600	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:39:37.0453 0600	vwifibus - ok
16:39:37.0496 0600	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:39:37.0532 0600	vwififlt - ok
16:39:37.0558 0600	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:39:37.0575 0600	vwifimp - ok
16:39:37.0621 0600	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:39:37.0699 0600	W32Time - ok
16:39:37.0727 0600	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:39:37.0756 0600	WacomPen - ok
16:39:37.0808 0600	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:39:37.0872 0600	WANARP - ok
16:39:37.0899 0600	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:39:37.0935 0600	Wanarpv6 - ok
16:39:38.0042 0600	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:39:38.0124 0600	wbengine - ok
16:39:38.0229 0600	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:39:38.0264 0600	WbioSrvc - ok
16:39:38.0321 0600	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:39:38.0366 0600	wcncsvc - ok
16:39:38.0387 0600	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:39:38.0409 0600	WcsPlugInService - ok
16:39:38.0456 0600	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:39:38.0470 0600	Wd - ok
16:39:38.0510 0600	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:39:38.0572 0600	Wdf01000 - ok
16:39:38.0608 0600	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:39:38.0736 0600	WdiServiceHost - ok
16:39:38.0741 0600	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:39:38.0769 0600	WdiSystemHost - ok
16:39:38.0830 0600	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:39:38.0888 0600	WebClient - ok
16:39:38.0935 0600	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:39:38.0999 0600	Wecsvc - ok
16:39:39.0037 0600	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:39:39.0092 0600	wercplsupport - ok
16:39:39.0126 0600	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:39:39.0220 0600	WerSvc - ok
16:39:39.0298 0600	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:39:39.0348 0600	WfpLwf - ok
16:39:39.0369 0600	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:39:39.0382 0600	WIMMount - ok
16:39:39.0414 0600	WinDefend - ok
16:39:39.0424 0600	WinHttpAutoProxySvc - ok
16:39:39.0474 0600	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:39:39.0526 0600	Winmgmt - ok
16:39:39.0678 0600	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:39:39.0784 0600	WinRM - ok
16:39:39.0937 0600	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:39:39.0976 0600	WinUsb - ok
16:39:40.0059 0600	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:39:40.0132 0600	Wlansvc - ok
16:39:40.0152 0600	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:39:40.0166 0600	WmiAcpi - ok
16:39:40.0220 0600	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:39:40.0250 0600	wmiApSrv - ok
16:39:40.0304 0600	WMPNetworkSvc - ok
16:39:40.0335 0600	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:39:40.0382 0600	WPCSvc - ok
16:39:40.0413 0600	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:39:40.0428 0600	WPDBusEnum - ok
16:39:40.0460 0600	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:39:40.0522 0600	ws2ifsl - ok
16:39:40.0538 0600	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:39:40.0569 0600	wscsvc - ok
16:39:40.0569 0600	WSearch - ok
16:39:40.0709 0600	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:39:40.0865 0600	wuauserv - ok
16:39:40.0974 0600	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:39:41.0052 0600	WudfPf - ok
16:39:41.0084 0600	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:39:41.0115 0600	wudfsvc - ok
16:39:41.0146 0600	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:39:41.0208 0600	WwanSvc - ok
16:39:41.0255 0600	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:39:41.0736 0600	\Device\Harddisk0\DR0 - ok
16:39:41.0741 0600	Boot (0x1200)   (e448c47abb9998fd77772387669ed748) \Device\Harddisk0\DR0\Partition0
16:39:41.0744 0600	\Device\Harddisk0\DR0\Partition0 - ok
16:39:41.0779 0600	Boot (0x1200)   (d2c18a15376539e7ce14ea7b4f2f1986) \Device\Harddisk0\DR0\Partition1
16:39:41.0781 0600	\Device\Harddisk0\DR0\Partition1 - ok
16:39:41.0782 0600	============================================================
16:39:41.0782 0600	Scan finished
16:39:41.0782 0600	============================================================
16:39:41.0798 0640	Detected object count: 0
16:39:41.0798 0640	Actual detected object count: 0

Alt 11.06.2012, 16:01   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF - Standard

Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

Alt 11.06.2012, 16:52   #18
IceCube
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF - Standard

Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF



Code:
ComboFix 12-06-10.01 - bonny 11.06.2012  17:22:25.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2876 [GMT 2:00]
ausgeführt von:: c:\users\bonny\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\bonny\%appda~1
c:\users\bonny\%appda~1\Microsoft\Windows\IETldCache\index.dat
c:\users\bonny\Documents\~WRL0001.tmp
c:\users\bonny\Documents\~WRL0002.tmp
c:\users\bonny\Documents\~WRL0003.tmp
c:\users\bonny\Documents\~WRL0004.tmp
c:\users\bonny\Documents\~WRL0005.tmp
c:\users\bonny\Documents\~WRL0006.tmp
c:\users\bonny\Documents\~WRL0007.tmp
c:\users\bonny\Documents\~WRL0008.tmp
c:\users\bonny\Documents\~WRL1340.tmp
c:\users\bonny\Documents\~WRL1647.tmp
c:\users\bonny\Documents\~WRL1958.tmp
c:\users\bonny\Documents\~WRL2040.tmp
c:\users\KSK\Favorites\locked-Teletext, Videotext - n-tv.de.url.thil
c:\windows\assembly\tmp\U
c:\windows\security\Database\tmp.edb
c:\windows\system32\fxsst.dll
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll
c:\windows\SysWow64\odbcad32.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-11 14:57 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F62675D-AE76-4EA8-B562-99A0E6717F34}\mpengine.dll
2012-06-11 13:04 . 2012-06-11 13:04	--------	d-----w-	C:\_OTL
2012-06-11 13:00 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 02:36 . 2012-06-06 02:35	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A999E4D-089C-4FA4-9146-38B873817F4F}\gapaengine.dll
2012-06-06 02:33 . 2012-06-06 02:33	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-06 02:33 . 2012-06-06 02:33	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-06 02:31 . 2012-06-06 02:31	--------	d-----w-	c:\programdata\ATI
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\programdata\AMD
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\AMD APP
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-06-06 02:22 . 2012-06-06 02:22	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-06-06 02:20 . 2012-06-06 02:23	--------	d-----w-	c:\program files\ATI Technologies
2012-06-06 02:17 . 2012-06-06 02:19	--------	d-----w-	C:\AMD
2012-06-06 00:35 . 2012-06-06 00:35	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-06 00:35 . 2012-06-06 00:35	588728	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-06 00:35 . 2012-06-06 00:35	43960	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-06 00:35 . 2012-06-06 00:35	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-06 00:35 . 2012-06-06 00:35	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-05 17:00 . 2012-06-05 17:04	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-05 17:00 . 2012-06-05 17:03	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-05 16:47 . 2012-06-05 16:47	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-06-04 15:11 . 2012-06-04 15:11	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-04 15:11 . 2012-06-04 15:11	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-04 13:50 . 2012-06-04 13:56	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-04 13:07 . 2012-06-04 13:07	--------	d-----w-	c:\users\bonny\AppData\Roaming\Malwarebytes
2012-06-04 13:06 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-04 13:06 . 2012-06-04 13:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 10:44 . 2012-06-04 10:44	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-04 10:42 . 2012-05-08 17:02	8955792	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C1F800E-3683-43AD-A0AF-0A7EFC76C0F1}\mpengine.dll
2012-05-14 15:09 . 2012-02-23 08:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-14 15:05 . 2012-05-14 15:05	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-05-14 15:03 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 15:02 . 2012-06-04 10:44	666689	----a-w-	c:\windows\SysWow64\sig.bin
2012-05-14 14:48 . 2012-05-14 14:48	59768	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-05-14 14:48 . 2012-05-14 14:48	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-05-14 14:48 . 2012-05-14 14:48	54136	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-05-14 14:48 . 2012-05-14 14:48	122744	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-05-14 14:47 . 2012-06-04 13:40	--------	d-----w-	c:\programdata\G DATA
2012-05-14 14:47 . 2012-06-04 13:40	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2012-05-14 14:47 . 2012-06-04 13:10	--------	d-----w-	c:\program files (x86)\G Data
2012-05-14 14:41 . 2012-06-04 13:10	--------	d-----w-	c:\users\bonny\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-11-03 03:44	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
.
c:\windows\system32\termsrv.dll ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 257696]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 129976]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:11]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\bonny\AppData\Roaming\Mozilla\Firefox\Profiles\2tx3ff8e.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-123 Free Solitaire_is1 - e:\123 free solitaire\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  17:46:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 15:46
.
Vor Suchlauf: 15 Verzeichnis(se), 433.746.923.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 433.595.645.952 Bytes frei
.
- - End Of File - - 7EF114C6F75EB79FFAC885B4CCDE5986
         
__________________

Old 11.06.2012, 19:10   #19
IceCube
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF - Standard



Problem after the ComboFix log:

I wanted to re-enable MS Security Essentials, but it now says that the genuineness of this copy of Windows could not be confirmed. Essentials has therefore been disabled!!! When I click the "Fix now" button (see attached screenshot), I land on a Microsoft web page where I can download an updater for Windows 7. At this link (hxxp://www.microsoft.com/genuine/validate/DownloadValidationSupport.aspx?displaylang=de&PartnerID=258) the following text appears:

Quote:
This software works with most browsers and enables the validation of Windows. Once the software is installed, it detects whether the Windows software is a properly licensed genuine product. If necessary, it also attempts to repair the Windows 7 licensing components that may have been damaged, moved or deleted. Furthermore, the software will perform a validation check from time to time to ensure that the Windows 7 software on this computer is still genuine. View privacy statement.

Download

When prompted, choose Save File and open the file from the location where it was saved. Choose Run and follow the instructions. Wait until the installation is complete, then click Continue to complete the validation.

Continue
I downloaded the file (WindowsActivationUpdate.exe) and installed it, but so far the error has not been fixed.

Can you help me with this?
Attached images
File type: png screen-2012-06-11.png (188.1 KB, viewed 191 times)

Old 11.06.2012, 21:03   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF - Standard



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window.

Code:
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe
QUIT::
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

__________________
Please always post logfiles in CODE tags
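As an added triage helper (not ComboFix's own code and not part of this thread): the log posted in #18 names deleted files under its "Weitere Löschungen" banner and, in its Sigcheck section, lists WinSxS reference copies of protected files together with a "Fehlt !!" line when the live system32 copy is gone. The parser below cross-references the two to show which deleted files were Windows system binaries with a known-good reference, which is the evidence behind the DeQuarantine:: script in #20; the regexes encode my reading of the log format and the sample excerpt is constructed from lines in this thread.

```python
import re
from dataclasses import dataclass, field

# Directories whose deleted files deserve a second look (assumption: ComboFix
# prints these paths with a lower-case drive letter, as seen in the log above).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Sample excerpt, constructed from the ComboFix log format posted in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\users\\bonny\\Documents\\~WRL0001.tmp
c:\\windows\\system32\\slwga.dll
c:\\windows\\system32\\termsrv.dll
c:\\windows\\SysWow64\\odbcad32.exe
.
((((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\\windows\\winsxs\\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\\windows\\winsxs\\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\\termsrv.dll
.
c:\\windows\\system32\\termsrv.dll ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
"""

BANNER_RE = re.compile(r"^\(+\s+(.+?)\s+\)+$")        # (((  Section name  )))
DASH_BANNER_RE = re.compile(r"^-+\s+(.+?)\s+-+$")      # ---- Section name ----
SIGCHECK_REF_RE = re.compile(                          # "[7] date . md5 . size . . [ver] .. path"
    r"^\[\d+\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>.+)$")
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+Fehlt !!$")


@dataclass
class SigRef:
    """One reference copy of a protected file, as listed in the Sigcheck section."""
    date: str
    md5: str
    size: int
    version: str
    path: str


@dataclass
class Triage:
    deleted: list = field(default_factory=list)      # paths under "Weitere Löschungen"
    references: dict = field(default_factory=dict)   # basename -> [SigRef, ...]
    missing: set = field(default_factory=set)        # lower-cased "... Fehlt !!" paths


def parse_combofix_log(text):
    """Walk the log line by line, tracking which banner section we are in."""
    triage = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        banner = BANNER_RE.match(line) or DASH_BANNER_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Weitere Löschungen":
            triage.deleted.append(line)
        elif section == "Sigcheck":
            ref = SIGCHECK_REF_RE.match(line)
            if ref:
                name = ref.group("path").rsplit("\\", 1)[-1].lower()
                triage.references.setdefault(name, []).append(SigRef(
                    ref.group("date"), ref.group("md5"), int(ref.group("size")),
                    ref.group("version"), ref.group("path")))
                continue
            miss = MISSING_RE.match(line)
            if miss:
                triage.missing.add(miss.group("path").lower())
    return triage


def version_key(ref):
    """Numeric sort key so 6.1.7601.17514 ranks above 6.1.7600.16385."""
    return tuple(int(part) for part in ref.version.split("."))


def system_file_triage(text):
    """One record per deleted file from a Windows system directory, joined with
    the Sigcheck evidence: is it gone now, and is a WinSxS reference copy known?"""
    triage = parse_combofix_log(text)
    rows = []
    for path in triage.deleted:
        low = path.lower()
        if not low.startswith(SYSTEM_DIRS):
            continue
        refs = triage.references.get(low.rsplit("\\", 1)[-1], [])
        rows.append({
            "path": path,
            "missing_now": low in triage.missing,
            "reference_copies": len(refs),
            "newest_reference": max(refs, key=version_key) if refs else None,
        })
    return rows


if __name__ == "__main__":
    for row in system_file_triage(SAMPLE_LOG):
        ref = row["newest_reference"]
        note = f"WinSxS {ref.version} md5={ref.md5}" if ref else "no reference copy listed"
        print(f"{row['path']}: missing={row['missing_now']}, refs={row['reference_copies']}, {note}")
```

A file that is both deleted and reported "Fehlt !!" with a signed WinSxS copy is a Windows component ComboFix removed, not malware it found; that is the case the DeQuarantine:: lines above address, and a helper should decide it per file.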

Old 11.06.2012, 21:42   #21
IceCube
 
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF - Standard



Code:
ComboFix 12-06-11.04 - bonny 11.06.2012  22:14:44.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2805 [GMT 2:00]
ausgeführt von:: c:\users\bonny\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\bonny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-11 20:24 . 2012-06-11 20:29	--------	d-----w-	c:\users\bonny\AppData\Local\temp
2012-06-11 20:24 . 2012-06-11 20:24	--------	d-----w-	c:\users\KSK\AppData\Local\temp
2012-06-11 20:24 . 2012-06-11 20:24	--------	d-----w-	c:\users\Firma\AppData\Local\temp
2012-06-11 20:24 . 2012-06-11 20:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-11 15:51 . 2012-06-11 15:51	--------	d-----w-	c:\windows\SysWow64\Wat
2012-06-11 15:51 . 2012-06-11 15:51	--------	d-----w-	c:\windows\system32\Wat
2012-06-11 15:49 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3D49F50-C2FA-4099-8DA4-165A2F636897}\mpengine.dll
2012-06-11 13:04 . 2012-06-11 13:04	--------	d-----w-	C:\_OTL
2012-06-11 13:00 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 02:36 . 2012-06-06 02:35	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A999E4D-089C-4FA4-9146-38B873817F4F}\gapaengine.dll
2012-06-06 02:33 . 2012-06-06 02:33	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-06 02:33 . 2012-06-06 02:33	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-06 02:31 . 2012-06-06 02:31	--------	d-----w-	c:\programdata\ATI
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\programdata\AMD
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\AMD APP
2012-06-06 02:23 . 2012-06-06 02:23	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-06-06 02:22 . 2012-06-06 02:22	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-06-06 02:20 . 2012-06-06 02:23	--------	d-----w-	c:\program files\ATI Technologies
2012-06-06 02:17 . 2012-06-06 02:19	--------	d-----w-	C:\AMD
2012-06-06 00:35 . 2012-06-06 00:35	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-06 00:35 . 2012-06-06 00:35	588728	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-06 00:35 . 2012-06-06 00:35	43960	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-06 00:35 . 2012-06-06 00:35	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-06 00:35 . 2012-06-06 00:35	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-05 17:00 . 2012-06-05 17:04	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-05 17:00 . 2012-06-05 17:03	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-05 16:47 . 2012-06-05 16:47	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-06-04 15:11 . 2012-06-04 15:11	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-04 15:11 . 2012-06-04 15:11	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-04 13:50 . 2012-06-04 13:56	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-04 13:07 . 2012-06-04 13:07	--------	d-----w-	c:\users\bonny\AppData\Roaming\Malwarebytes
2012-06-04 13:06 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-04 13:06 . 2012-06-04 13:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 10:44 . 2012-06-04 10:44	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-04 10:42 . 2012-05-08 17:02	8955792	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C1F800E-3683-43AD-A0AF-0A7EFC76C0F1}\mpengine.dll
2012-05-14 15:09 . 2012-02-23 08:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-14 15:05 . 2012-05-14 15:05	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-05-14 15:03 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 15:02 . 2012-06-04 10:44	666689	----a-w-	c:\windows\SysWow64\sig.bin
2012-05-14 14:48 . 2012-05-14 14:48	59768	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-05-14 14:48 . 2012-05-14 14:48	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-05-14 14:48 . 2012-05-14 14:48	54136	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-05-14 14:48 . 2012-05-14 14:48	122744	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-05-14 14:47 . 2012-06-04 13:40	--------	d-----w-	c:\programdata\G DATA
2012-05-14 14:47 . 2012-06-04 13:40	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2012-05-14 14:47 . 2012-06-04 13:10	--------	d-----w-	c:\program files (x86)\G Data
2012-05-14 14:41 . 2012-06-04 13:10	--------	d-----w-	c:\users\bonny\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-11-03 03:44	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-11_15.35.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-03 04:04 . 2012-06-11 15:50	70984              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-11 15:50	45686              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-30 11:36 . 2012-06-11 15:50	18896              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2079184332-2997649951-1821268657-1000_UserData.bin
+ 2012-06-11 16:24 . 2012-06-11 18:48	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-11 20:28	91888              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-22 18:20 . 2012-06-11 15:47	4456              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-11 15:35 . 2012-06-11 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 20:25 . 2012-06-11 20:25	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 20:25 . 2012-06-11 20:25	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 15:35 . 2012-06-11 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-11 15:51 . 2012-06-11 15:51	128424              c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2012-06-11 15:51 . 2012-06-11 15:51	114600              c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2010-01-30 17:21 . 2012-06-11 19:43	268720              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-06-11 15:51 . 2012-06-11 15:51	152888              c:\windows\system32\Wat\WatWeb.dll
+ 2012-06-11 15:51 . 2012-06-11 15:51	249656              c:\windows\system32\Wat\WatUX.exe
+ 2012-06-11 15:51 . 2012-06-11 15:51	138664              c:\windows\system32\Wat\npWatWeb.dll
+ 2009-12-24 17:35 . 2012-06-11 18:48	278528              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-24 17:35 . 2012-06-06 15:55	278528              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 20:33 . 2012-06-11 15:34	472480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-01 20:33 . 2012-06-11 20:25	472480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-11 15:34	401008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-11 20:25	401008              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-11 15:51 . 2012-06-11 15:51	1255736              c:\windows\system32\Wat\WatAdminSvc.exe
+ 2009-07-14 04:45 . 2012-06-11 19:10	7113171              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-04 11:25	7113171              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-09 06:56 . 2012-06-11 20:25	3077380              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2079184332-2997649951-1821268657-1000-8192.dat
+ 2009-07-14 04:54 . 2012-06-11 18:48	10813440              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-06 15:55	10813440              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 257696]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 129976]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:11]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\bonny\AppData\Roaming\Mozilla\Firefox\Profiles\2tx3ff8e.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  22:39:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 20:38
ComboFix2.txt  2012-06-11 15:46
.
Vor Suchlauf: 19 Verzeichnis(se), 433.428.611.072 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 432.990.826.496 Bytes frei
.
- - End Of File - - 7660D585044A895A09024A984228BB8C
         

The business with the Windows 7 activation -> certificate of authenticity apparently still persists!

Last edited by IceCube (11.06.2012 at 21:50)

Old 11.06.2012, 22:04   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I actually wanted to use CF to restore the accidentally deleted files... apparently that somehow didn't work

I need the Combofix quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with the packing!
2.) Zip the Quarantine folder in C:\Qoobox into a file
3.) upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) If it was successful, let me know
5.) Only then turn the virus scanner back on
__________________
Please always post logfiles in CODE tags

Old 11.06.2012, 22:17   #23
IceCube
 
So, the Qoobox folder has been uploaded as a ZIP!

The Essentials virus scanner doesn't work because it doubts the genuineness of the Windows version -> see previous post incl. screenshot

Did the data arrive?

Old 12.06.2012, 09:54   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
New attempt

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir
QUIT::
         
3. In Notepad, save as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Old 12.06.2012, 10:10   #25
IceCube
 
So, instructions followed. CF performed an update. Then it showed a DOS window with a note about a 10-minute scan. But after about 2 minutes it was over and an empty editor window was opened (see screenshot in the attachment).
Attached images
File type: jpg screen-2012-06-12.jpg (33.8 KB, viewed 128 times)

Old 12.06.2012, 12:20   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Well, then we have to try it manually

You have to rename these files => cut off .vir

Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir
         

Then you have these file names

Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe
         
You have to copy these back into their respective original directories:

Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll     => C:\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll    => C:\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll => C:\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll   => C:\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe  => C:\windows\SysWow64\odbcad32.exe
         
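As an added example (not part of the original post and not ComboFix's own code), a Python script that carries out the manual restore described above: it strips the .vir suffix, maps each C:\Qoobox\Quarantine\<drive>\... entry back to its original path, and copies the files back without overwriting anything already present. The demo runs in a throwaway sandbox directory instead of the real C: drive; the SHA-256 recorded per restored file is an assumption about what a practitioner would want logged, not anything ComboFix does.

```python
r"""Hand-restore of ComboFix quarantine entries (added example, not ComboFix code).

ComboFix stores a quarantined file as
    C:\Qoobox\Quarantine\<drive letter>\<original path>.vir
so restoring a false positive means stripping ".vir" and copying the file back to
<drive letter>:\<original path>. The demo works in a temporary sandbox, not on C:.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path, PureWindowsPath

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"
SUFFIX = ".vir"

# The five entries from the post, exactly as ComboFix wrote them.
ENTRIES = [
    r"C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir",
    r"C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir",
    r"C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir",
    r"C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir",
    r"C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir",
]


def original_path(quarantine_path: str, quarantine_root: str = QUARANTINE_ROOT) -> str:
    """Map a quarantine entry back to the location ComboFix took it from."""
    parts = PureWindowsPath(quarantine_path).parts
    root = PureWindowsPath(quarantine_root).parts
    # Windows paths are case-insensitive, so compare the prefix case-folded.
    if [p.lower() for p in parts[: len(root)]] != [p.lower() for p in root]:
        raise ValueError(f"not inside {quarantine_root}: {quarantine_path}")
    rel = parts[len(root):]
    if len(rel) < 2 or len(rel[0]) != 1 or not rel[0].isalpha():
        raise ValueError(f"missing drive-letter directory: {quarantine_path}")
    if not rel[-1].lower().endswith(SUFFIX):
        raise ValueError(f"not a quarantine entry (no {SUFFIX}): {quarantine_path}")
    name = rel[-1][: -len(SUFFIX)]
    return str(PureWindowsPath(rel[0].upper() + ":\\", *rel[1:-1], name))


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def restore_files(entries, resolve, overwrite=False):
    """Copy each entry back to its original location.

    `resolve` turns a Windows path string into a local pathlib.Path (identity on
    the real machine, a sandbox mapping in the demo). An existing target is left
    alone unless overwrite=True, since Windows Update or SFC may have replaced
    the file in the meantime. Returns {original_path: sha256} of restored files.
    """
    restored = {}
    for entry in entries:
        src = resolve(entry)
        dst_win = original_path(entry)
        dst = resolve(dst_win)
        if not src.is_file():
            raise FileNotFoundError(f"quarantine entry missing: {entry}")
        if dst.exists() and not overwrite:
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        digest = sha256_of(src)
        if sha256_of(dst) != digest:  # verify the copy before trusting it
            raise IOError(f"copy of {entry} does not match source")
        restored[dst_win] = digest
    return restored


def sandbox_resolver(sandbox: Path):
    """Map 'C:\\x\\y' to <sandbox>/C/x/y so the demo never touches a real drive."""
    def resolve(win_path: str) -> Path:
        parts = PureWindowsPath(win_path).parts
        return sandbox.joinpath(parts[0][0].upper(), *parts[1:])
    return resolve


def demo():
    """Populate a sandbox with constructed .vir stand-ins, restore them, return the result."""
    sandbox = Path(tempfile.mkdtemp(prefix="qoobox-demo-"))
    resolve = sandbox_resolver(sandbox)
    for entry in ENTRIES:
        p = resolve(entry)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed stand-in for " + entry.encode())  # not a real DLL
    # Simulate a termsrv.dll that Windows already put back: it must be skipped.
    keep = resolve(original_path(ENTRIES[3]))
    keep.parent.mkdir(parents=True, exist_ok=True)
    keep.write_bytes(b"already present")
    result = restore_files(ENTRIES, resolve)
    shutil.rmtree(sandbox)
    return result
```

On the real machine, `restore_files(ENTRIES, Path)` performs the copy described in the post; run it only with the virus scanner disabled as the instructions above require, otherwise the restored files may be quarantined again immediately.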

Old 12.06.2012, 12:46   #27
IceCube
 
Quote:
Well, then we have to try it manually
Done! The certificate of authenticity works again, and I can also reactivate MS Sec. Essentials!

What's next?

Old 12.06.2012, 13:50   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phew, so I was spot on

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run the 2nd time either, just skip it and only run OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and select (none) under AV Scan.



One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.

Old 12.06.2012, 14:49   #29
IceCube
 
The GMER scan did not work! So I continued with OSAM. Here is the log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:50:28 on 12.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\bonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"LifeCam" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PlayMovie" - "Acer Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS64.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Here is the aswMBR log as well:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 15:55:36
-----------------------------
15:55:36.362    OS Version: Windows x64 6.1.7601 Service Pack 1
15:55:36.362    Number of processors: 2 586 0x170A
15:55:36.362    ComputerName: BONNY-PC  UserName: bonny
15:55:37.298    Initialize success
15:56:45.705    AVAST engine defs: 12061200
15:56:59.297    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:56:59.297    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:56:59.328    Disk 0 MBR read successfully
15:56:59.328    Disk 0 MBR scan
15:56:59.328    Disk 0 Windows 7 default MBR code
15:56:59.344    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
15:56:59.360    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
15:56:59.375    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464545 MB offset 25382700
15:56:59.391    Disk 0 scanning C:\Windows\system32\drivers
15:57:14.613    Service scanning
15:57:41.024    Modules scanning
15:57:41.024    Disk 0 trace - called modules:
15:57:41.102    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:57:41.118    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b57060]
15:57:41.118    3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473a050]
15:57:42.459    AVAST engine scan C:\Windows
15:57:46.203    AVAST engine scan C:\Windows\system32
16:01:09.994    AVAST engine scan C:\Windows\system32\drivers
16:01:26.550    AVAST engine scan C:\Users\bonny
16:02:53.454    AVAST engine scan C:\ProgramData
16:03:19.752    Scan finished successfully
16:04:33.120    Disk 0 MBR has been saved successfully to "C:\Users\bonny\Desktop\MBR.dat"
16:04:33.135    The log file has been saved successfully to "C:\Users\bonny\Desktop\aswMBR.txt"
         

Last edited by IceCube (12.06.2012 at 15:06)

Old 12.06.2012, 16:13   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Trojaner: Sirefef.X / Sirefef.E / Conedex.A und Exploit: JS/Blacole.FF



Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
