Pests of all kinds and how to fight them: Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF | Windows 7
If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
11.06.2012, 15:42 | #16
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF
Code:
16:38:29.0518 1160 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:38:29.0689 1160 ============================================================
16:38:29.0689 1160 Current date / time: 2012/06/11 16:38:29.0689
16:38:29.0689 1160 SystemInfo:
16:38:29.0689 1160
16:38:29.0689 1160 OS Version: 6.1.7601 ServicePack: 1.0
16:38:29.0689 1160 Product type: Workstation
16:38:29.0689 1160 ComputerName: BONNY-PC
16:38:29.0689 1160 UserName: bonny
16:38:29.0689 1160 Windows directory: C:\Windows
16:38:29.0689 1160 System windows directory: C:\Windows
16:38:29.0689 1160 Running under WOW64
16:38:29.0689 1160 Processor architecture: Intel x64
16:38:29.0689 1160 Number of processors: 2
16:38:29.0689 1160 Page size: 0x1000
16:38:29.0689 1160 Boot type: Normal boot
16:38:29.0689 1160 ============================================================
16:38:30.0236 1160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:30.0241 1160 ============================================================
16:38:30.0241 1160 \Device\Harddisk0\DR0:
16:38:30.0242 1160 MBR partitions:
16:38:30.0242 1160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
16:38:30.0242 1160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
16:38:30.0242 1160 ============================================================
16:38:30.0275 1160 C: <-> \Device\Harddisk0\DR0\Partition1
16:38:30.0275 1160 ============================================================
16:38:30.0275 1160 Initialize success
16:38:30.0275 1160 ============================================================
16:39:00.0104 0600 ============================================================
16:39:00.0104 0600 Scan started
16:39:00.0104 0600 Mode: Manual; SigCheck; TDLFS;
16:39:00.0104 0600
(25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 16:39:26.0004 0600 PlugPlay - ok 16:39:26.0021 0600 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 16:39:26.0047 0600 PNRPAutoReg - ok 16:39:26.0079 0600 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:39:26.0097 0600 PNRPsvc - ok 16:39:26.0158 0600 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 16:39:26.0227 0600 PolicyAgent - ok 16:39:26.0266 0600 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 16:39:26.0323 0600 Power - ok 16:39:26.0400 0600 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:39:26.0455 0600 PptpMiniport - ok 16:39:26.0488 0600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:39:26.0512 0600 Processor - ok 16:39:26.0574 0600 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 16:39:26.0669 0600 ProfSvc - ok 16:39:26.0696 0600 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:39:26.0709 0600 ProtectedStorage - ok 16:39:26.0745 0600 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:39:26.0801 0600 Psched - ok 16:39:26.0904 0600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:39:26.0970 0600 ql2300 - ok 16:39:27.0077 0600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:39:27.0098 0600 ql40xx - ok 16:39:27.0139 0600 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 16:39:27.0183 0600 QWAVE - ok 16:39:27.0201 0600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:39:27.0245 0600 QWAVEdrv - ok 16:39:27.0285 0600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:39:27.0393 0600 RasAcd - ok 16:39:27.0426 0600 RasAgileVpn 
(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:39:27.0491 0600 RasAgileVpn - ok 16:39:27.0520 0600 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 16:39:27.0574 0600 RasAuto - ok 16:39:27.0614 0600 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:39:27.0685 0600 Rasl2tp - ok 16:39:27.0719 0600 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 16:39:27.0790 0600 RasMan - ok 16:39:27.0827 0600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:39:27.0878 0600 RasPppoe - ok 16:39:27.0901 0600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:39:27.0965 0600 RasSstp - ok 16:39:28.0024 0600 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:39:28.0088 0600 rdbss - ok 16:39:28.0130 0600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:39:28.0167 0600 rdpbus - ok 16:39:28.0199 0600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:39:28.0253 0600 RDPCDD - ok 16:39:28.0286 0600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:39:28.0360 0600 RDPENCDD - ok 16:39:28.0390 0600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:39:28.0434 0600 RDPREFMP - ok 16:39:28.0477 0600 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 16:39:28.0526 0600 RDPWD - ok 16:39:28.0593 0600 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:39:28.0623 0600 rdyboost - ok 16:39:28.0650 0600 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 16:39:28.0711 0600 RemoteAccess - ok 16:39:28.0754 0600 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 16:39:28.0862 0600 RemoteRegistry - ok 16:39:28.0892 0600 
RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 16:39:28.0945 0600 RpcEptMapper - ok 16:39:28.0965 0600 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 16:39:29.0013 0600 RpcLocator - ok 16:39:29.0074 0600 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:39:29.0157 0600 RpcSs - ok 16:39:29.0200 0600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:39:29.0247 0600 rspndr - ok 16:39:29.0310 0600 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys 16:39:29.0359 0600 RSUSBSTOR - ok 16:39:29.0403 0600 s217bus (b49951a2c8fd81307707443d01936e37) C:\Windows\system32\DRIVERS\s217bus.sys 16:39:29.0419 0600 s217bus - ok 16:39:29.0449 0600 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:39:29.0466 0600 SamSs - ok 16:39:29.0501 0600 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:39:29.0519 0600 sbp2port - ok 16:39:29.0555 0600 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 16:39:29.0609 0600 SCardSvr - ok 16:39:29.0638 0600 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:39:29.0684 0600 scfilter - ok 16:39:29.0783 0600 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 16:39:29.0871 0600 Schedule - ok 16:39:29.0889 0600 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:39:29.0936 0600 SCPolicySvc - ok 16:39:29.0975 0600 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 16:39:30.0028 0600 SDRSVC - ok 16:39:30.0084 0600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:39:30.0146 0600 secdrv - ok 16:39:30.0181 0600 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 16:39:30.0233 0600 seclogon - ok 16:39:30.0273 0600 SENS 
(c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 16:39:30.0326 0600 SENS - ok 16:39:30.0348 0600 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 16:39:30.0403 0600 SensrSvc - ok 16:39:30.0438 0600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:39:30.0456 0600 Serenum - ok 16:39:30.0482 0600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:39:30.0510 0600 Serial - ok 16:39:30.0567 0600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:39:30.0598 0600 sermouse - ok 16:39:30.0633 0600 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 16:39:30.0687 0600 SessionEnv - ok 16:39:30.0701 0600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:39:30.0741 0600 sffdisk - ok 16:39:30.0766 0600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:39:30.0792 0600 sffp_mmc - ok 16:39:30.0807 0600 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:39:30.0839 0600 sffp_sd - ok 16:39:30.0873 0600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:39:30.0901 0600 sfloppy - ok 16:39:30.0946 0600 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 16:39:31.0015 0600 SharedAccess - ok 16:39:31.0078 0600 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 16:39:31.0140 0600 ShellHWDetection - ok 16:39:31.0162 0600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:39:31.0176 0600 SiSRaid2 - ok 16:39:31.0203 0600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:39:31.0218 0600 SiSRaid4 - ok 16:39:31.0247 0600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:39:31.0297 0600 Smb - ok 16:39:31.0345 0600 SNMPTRAP 
(6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 16:39:31.0379 0600 SNMPTRAP - ok 16:39:31.0402 0600 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:39:31.0415 0600 spldr - ok 16:39:31.0474 0600 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 16:39:31.0525 0600 Spooler - ok 16:39:31.0698 0600 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 16:39:31.0868 0600 sppsvc - ok 16:39:31.0979 0600 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 16:39:32.0063 0600 sppuinotify - ok 16:39:32.0141 0600 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:39:32.0187 0600 srv - ok 16:39:32.0238 0600 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:39:32.0291 0600 srv2 - ok 16:39:32.0317 0600 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:39:32.0350 0600 srvnet - ok 16:39:32.0394 0600 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 16:39:32.0450 0600 SSDPSRV - ok 16:39:32.0475 0600 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 16:39:32.0517 0600 SstpSvc - ok 16:39:32.0545 0600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:39:32.0561 0600 stexstor - ok 16:39:32.0606 0600 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 16:39:32.0663 0600 stisvc - ok 16:39:32.0703 0600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 16:39:32.0715 0600 swenum - ok 16:39:32.0769 0600 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 16:39:32.0840 0600 swprv - ok 16:39:32.0884 0600 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys 16:39:32.0905 0600 SynTP - ok 16:39:33.0011 0600 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 16:39:33.0131 0600 
SysMain - ok 16:39:33.0223 0600 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 16:39:33.0254 0600 TabletInputService - ok 16:39:33.0285 0600 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 16:39:33.0367 0600 TapiSrv - ok 16:39:33.0400 0600 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 16:39:33.0460 0600 TBS - ok 16:39:33.0616 0600 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 16:39:33.0658 0600 Tcpip - ok 16:39:33.0831 0600 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 16:39:33.0875 0600 TCPIP6 - ok 16:39:33.0950 0600 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:39:34.0022 0600 tcpipreg - ok 16:39:34.0068 0600 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:39:34.0086 0600 TDPIPE - ok 16:39:34.0113 0600 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 16:39:34.0146 0600 TDTCP - ok 16:39:34.0213 0600 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:39:34.0273 0600 tdx - ok 16:39:34.0302 0600 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 16:39:34.0317 0600 TermDD - ok 16:39:34.0379 0600 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 16:39:34.0457 0600 TermService - ok 16:39:34.0488 0600 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 16:39:34.0519 0600 Themes - ok 16:39:34.0535 0600 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:39:34.0586 0600 THREADORDER - ok 16:39:34.0605 0600 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 16:39:34.0666 0600 TrkWks - ok 16:39:34.0723 0600 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 16:39:34.0802 0600 TrustedInstaller - ok 16:39:34.0832 
0600 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:39:34.0870 0600 tssecsrv - ok 16:39:34.0887 0600 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:39:34.0908 0600 TsUsbFlt - ok 16:39:34.0946 0600 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:39:34.0999 0600 tunnel - ok 16:39:35.0033 0600 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:39:35.0047 0600 uagp35 - ok 16:39:35.0066 0600 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 16:39:35.0075 0600 UBHelper - ok 16:39:35.0110 0600 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:39:35.0179 0600 udfs - ok 16:39:35.0207 0600 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 16:39:35.0225 0600 UI0Detect - ok 16:39:35.0250 0600 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:39:35.0264 0600 uliagpkx - ok 16:39:35.0309 0600 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 16:39:35.0350 0600 umbus - ok 16:39:35.0376 0600 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:39:35.0410 0600 UmPass - ok 16:39:35.0499 0600 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 16:39:35.0521 0600 Updater Service - ok 16:39:35.0568 0600 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 16:39:35.0630 0600 upnphost - ok 16:39:35.0693 0600 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 16:39:35.0708 0600 usbaudio - ok 16:39:35.0755 0600 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 16:39:35.0771 0600 usbccgp - ok 16:39:35.0818 0600 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:39:35.0833 0600 
usbcir - ok 16:39:35.0849 0600 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 16:39:35.0880 0600 usbehci - ok 16:39:35.0911 0600 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:39:35.0958 0600 usbhub - ok 16:39:35.0974 0600 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 16:39:36.0005 0600 usbohci - ok 16:39:36.0058 0600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:39:36.0090 0600 usbprint - ok 16:39:36.0126 0600 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 16:39:36.0144 0600 usbscan - ok 16:39:36.0170 0600 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:39:36.0219 0600 USBSTOR - ok 16:39:36.0249 0600 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 16:39:36.0276 0600 usbuhci - ok 16:39:36.0332 0600 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 16:39:36.0363 0600 usbvideo - ok 16:39:36.0395 0600 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 16:39:36.0446 0600 UxSms - ok 16:39:36.0480 0600 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:39:36.0493 0600 VaultSvc - ok 16:39:36.0527 0600 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:39:36.0540 0600 vdrvroot - ok 16:39:36.0600 0600 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 16:39:36.0658 0600 vds - ok 16:39:36.0684 0600 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:39:36.0701 0600 vga - ok 16:39:36.0713 0600 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:39:36.0769 0600 VgaSave - ok 16:39:36.0809 0600 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 16:39:36.0826 0600 vhdmp - ok 16:39:36.0837 0600 viaide 
(e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:39:36.0850 0600 viaide - ok 16:39:36.0871 0600 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:39:36.0886 0600 volmgr - ok 16:39:36.0930 0600 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:39:36.0966 0600 volmgrx - ok 16:39:37.0009 0600 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:39:37.0050 0600 volsnap - ok 16:39:37.0092 0600 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:39:37.0115 0600 vsmraid - ok 16:39:37.0207 0600 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 16:39:37.0315 0600 VSS - ok 16:39:37.0422 0600 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:39:37.0453 0600 vwifibus - ok 16:39:37.0496 0600 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:39:37.0532 0600 vwififlt - ok 16:39:37.0558 0600 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 16:39:37.0575 0600 vwifimp - ok 16:39:37.0621 0600 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 16:39:37.0699 0600 W32Time - ok 16:39:37.0727 0600 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:39:37.0756 0600 WacomPen - ok 16:39:37.0808 0600 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:39:37.0872 0600 WANARP - ok 16:39:37.0899 0600 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:39:37.0935 0600 Wanarpv6 - ok 16:39:38.0042 0600 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 16:39:38.0124 0600 wbengine - ok 16:39:38.0229 0600 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 16:39:38.0264 0600 WbioSrvc - ok 16:39:38.0321 0600 wcncsvc 
(7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 16:39:38.0366 0600 wcncsvc - ok 16:39:38.0387 0600 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 16:39:38.0409 0600 WcsPlugInService - ok 16:39:38.0456 0600 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:39:38.0470 0600 Wd - ok 16:39:38.0510 0600 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:39:38.0572 0600 Wdf01000 - ok 16:39:38.0608 0600 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:39:38.0736 0600 WdiServiceHost - ok 16:39:38.0741 0600 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:39:38.0769 0600 WdiSystemHost - ok 16:39:38.0830 0600 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 16:39:38.0888 0600 WebClient - ok 16:39:38.0935 0600 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 16:39:38.0999 0600 Wecsvc - ok 16:39:39.0037 0600 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 16:39:39.0092 0600 wercplsupport - ok 16:39:39.0126 0600 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 16:39:39.0220 0600 WerSvc - ok 16:39:39.0298 0600 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:39:39.0348 0600 WfpLwf - ok 16:39:39.0369 0600 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:39:39.0382 0600 WIMMount - ok 16:39:39.0414 0600 WinDefend - ok 16:39:39.0424 0600 WinHttpAutoProxySvc - ok 16:39:39.0474 0600 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 16:39:39.0526 0600 Winmgmt - ok 16:39:39.0678 0600 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 16:39:39.0784 0600 WinRM - ok 16:39:39.0937 0600 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 
16:39:39.0976 0600 WinUsb - ok 16:39:40.0059 0600 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 16:39:40.0132 0600 Wlansvc - ok 16:39:40.0152 0600 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 16:39:40.0166 0600 WmiAcpi - ok 16:39:40.0220 0600 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 16:39:40.0250 0600 wmiApSrv - ok 16:39:40.0304 0600 WMPNetworkSvc - ok 16:39:40.0335 0600 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 16:39:40.0382 0600 WPCSvc - ok 16:39:40.0413 0600 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 16:39:40.0428 0600 WPDBusEnum - ok 16:39:40.0460 0600 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:39:40.0522 0600 ws2ifsl - ok 16:39:40.0538 0600 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 16:39:40.0569 0600 wscsvc - ok 16:39:40.0569 0600 WSearch - ok 16:39:40.0709 0600 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 16:39:40.0865 0600 wuauserv - ok 16:39:40.0974 0600 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:39:41.0052 0600 WudfPf - ok 16:39:41.0084 0600 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 16:39:41.0115 0600 wudfsvc - ok 16:39:41.0146 0600 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 16:39:41.0208 0600 WwanSvc - ok 16:39:41.0255 0600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:39:41.0736 0600 \Device\Harddisk0\DR0 - ok 16:39:41.0741 0600 Boot (0x1200) (e448c47abb9998fd77772387669ed748) \Device\Harddisk0\DR0\Partition0 16:39:41.0744 0600 \Device\Harddisk0\DR0\Partition0 - ok 16:39:41.0779 0600 Boot (0x1200) (d2c18a15376539e7ce14ea7b4f2f1986) \Device\Harddisk0\DR0\Partition1 16:39:41.0781 0600 \Device\Harddisk0\DR0\Partition1 - ok 16:39:41.0782 0600 
============================================================ 16:39:41.0782 0600 Scan finished 16:39:41.0782 0600 ============================================================ 16:39:41.0798 0640 Detected object count: 0 16:39:41.0798 0640 Actual detected object count: 0
11.06.2012, 16:01 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF
Then please run CF now:
__________________ ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run if a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
11.06.2012, 16:52 | #18
Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF
Code:
ATTFilter ComboFix 12-06-10.01 - bonny 11.06.2012 17:22:25.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2876 [GMT 2:00] ausgeführt von:: c:\users\bonny\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Acer GameZone online.ico c:\users\bonny\%appda~1 c:\users\bonny\%appda~1\Microsoft\Windows\IETldCache\index.dat c:\users\bonny\Documents\~WRL0001.tmp c:\users\bonny\Documents\~WRL0002.tmp c:\users\bonny\Documents\~WRL0003.tmp c:\users\bonny\Documents\~WRL0004.tmp c:\users\bonny\Documents\~WRL0005.tmp c:\users\bonny\Documents\~WRL0006.tmp c:\users\bonny\Documents\~WRL0007.tmp c:\users\bonny\Documents\~WRL0008.tmp c:\users\bonny\Documents\~WRL1340.tmp c:\users\bonny\Documents\~WRL1647.tmp c:\users\bonny\Documents\~WRL1958.tmp c:\users\bonny\Documents\~WRL2040.tmp c:\users\KSK\Favorites\locked-Teletext, Videotext - n-tv.de.url.thil c:\windows\assembly\tmp\U c:\windows\security\Database\tmp.edb c:\windows\system32\fxsst.dll c:\windows\system32\slwga.dll c:\windows\system32\srrstr.dll c:\windows\system32\systemcpl.dll c:\windows\system32\termsrv.dll c:\windows\SysWow64\odbcad32.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-11 bis 2012-06-11 )))))))))))))))))))))))))))))) . . 2012-06-11 14:57 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F62675D-AE76-4EA8-B562-99A0E6717F34}\mpengine.dll 2012-06-11 13:04 . 2012-06-11 13:04 -------- d-----w- C:\_OTL 2012-06-11 13:00 . 
2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-06 02:36 . 2012-06-06 02:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A999E4D-089C-4FA4-9146-38B873817F4F}\gapaengine.dll 2012-06-06 02:33 . 2012-06-06 02:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-06 02:33 . 2012-06-06 02:33 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-06 02:31 . 2012-06-06 02:31 -------- d-----w- c:\programdata\ATI 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\programdata\AMD 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\AMD AVT 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\AMD APP 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-06-06 02:22 . 2012-06-06 02:22 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-06-06 02:20 . 2012-06-06 02:23 -------- d-----w- c:\program files\ATI Technologies 2012-06-06 02:17 . 2012-06-06 02:19 -------- d-----w- C:\AMD 2012-06-06 00:35 . 2012-06-06 00:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-06 00:35 . 2012-06-06 00:35 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-06 00:35 . 2012-06-06 00:35 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-06-06 00:35 . 2012-06-06 00:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-06 00:35 . 2012-06-06 00:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-05 17:00 . 2012-06-05 17:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-05 17:00 . 2012-06-05 17:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-06-05 16:47 . 
2012-06-05 16:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-06-04 15:11 . 2012-06-04 15:11 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-04 15:11 . 2012-06-04 15:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-04 13:50 . 2012-06-04 13:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2012-06-04 13:07 . 2012-06-04 13:07 -------- d-----w- c:\users\bonny\AppData\Roaming\Malwarebytes 2012-06-04 13:06 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-04 13:06 . 2012-06-04 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-04 10:44 . 2012-06-04 10:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-06-04 10:42 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C1F800E-3683-43AD-A0AF-0A7EFC76C0F1}\mpengine.dll 2012-05-14 15:09 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-14 15:05 . 2012-05-14 15:05 106648 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-05-14 15:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-14 15:02 . 2012-06-04 10:44 666689 ----a-w- c:\windows\SysWow64\sig.bin 2012-05-14 14:48 . 2012-05-14 14:48 59768 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-05-14 14:48 . 2012-05-14 14:48 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-05-14 14:48 . 2012-05-14 14:48 54136 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-05-14 14:48 . 2012-05-14 14:48 122744 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-05-14 14:47 . 2012-06-04 13:40 -------- d-----w- c:\programdata\G DATA 2012-05-14 14:47 . 2012-06-04 13:40 -------- d-----w- c:\program files (x86)\Common Files\G Data 2012-05-14 14:47 . 2012-06-04 13:10 -------- d-----w- c:\program files (x86)\G Data 2012-05-14 14:41 . 2012-06-04 13:10 -------- d-----w- c:\users\bonny\AppData\Local\Downloaded Installations . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll 2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:54 . 2009-11-03 03:44 7479296 ----a-w- c:\windows\system32\atidxx64.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-04-06 01:30 . 
2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-04-06 01:06 . 
2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll 2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll [7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll . c:\windows\system32\termsrv.dll ... Fehlt !! . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480] "SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 257696] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 129976] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 
AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:11] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\bonny\AppData\Roaming\Mozilla\Firefox\Profiles\2tx3ff8e.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-123 Free Solitaire_is1 - e:\123 free solitaire\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . 
************************************************************************** . Zeit der Fertigstellung: 2012-06-11 17:46:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-11 15:46 . Vor Suchlauf: 15 Verzeichnis(se), 433.746.923.520 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 433.595.645.952 Bytes frei . - - End Of File - - 7EF114C6F75EB79FFAC885B4CCDE5986 |
11.06.2012, 19:10 | #19 | |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF
Problem after the ComboFix log: I wanted to re-enable MS Security Essentials, but it now says that the genuineness of this copy of Windows could not be confirmed, and Essentials was therefore disabled!!! When I click the "Fix now" button (see the attached screenshot), I land on a Microsoft web page where I can download an updater for Windows 7. At this link (hxxp://www.microsoft.com/genuine/validate/DownloadValidationSupport.aspx?displaylang=de&PartnerID=258) the following text appears: Quote:
Can you help me with this? |
11.06.2012, 21:03 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF
ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe
QUIT::
4. Disable the guard of your antivirus program and any software firewall that is present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log file: Combofix.txt
Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post log files in CODE tags |
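One check a practitioner wants before a DeQuarantine:: run is whether the file being put back is the copy Windows shipped. The example below is added here and is not ComboFix's or the helper's code: it parses the Sigcheck section of this thread's log (the two WinSxS termsrv.dll entries and the "Fehlt !!" line) together with the DeQuarantine:: list, and assumes the analyst has separately hashed the quarantined files (the `quarantine_hashes` dict, constructed here with the hash ComboFix printed for the 6.1.7601.17514 copy).

```python
"""Cross-check a ComboFix DeQuarantine:: list against the log's Sigcheck
section before restoring files (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed sample: the Sigcheck block as it appears in this thread's ComboFix log.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
. c:\windows\system32\termsrv.dll ... Fehlt !!
"""

# The helper's CFScript from this thread.
SAMPLE_CFSCRIPT = r"""
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe
QUIT::
"""

# One Sigcheck entry: "[7] 2010-11-20 . <MD5> . <size> . . [<version>] .. <path>"
SIGCHECK_RE = re.compile(
    r"^\[\d+\]\s+\d{4}-\d{2}-\d{2}\s+\.\s+(?P<md5>[0-9a-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)
# ". c:\windows\system32\termsrv.dll ... Fehlt !!"  ("Fehlt" in the German build,
# "Missing" in the English one)
MISSING_RE = re.compile(r"^\.\s+(?P<path>\S.*?)\s+\.\.\.\s+(?:Fehlt|Missing)\s*!!", re.IGNORECASE)
# Quarantine paths mirror the original path below C:\Qoobox\Quarantine\<drive>\
QUARANTINE_RE = re.compile(r"^([a-z]):\\qoobox\\quarantine\\([a-z])\\(.+)$", re.IGNORECASE)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def original_path(quarantine_path):
    """C:\\Qoobox\\Quarantine\\C\\windows\\... -> c:\\windows\\..."""
    m = QUARANTINE_RE.match(quarantine_path.replace("/", "\\"))
    if not m:
        return quarantine_path.lower()
    return f"{m.group(2).lower()}:\\{m.group(3).lower()}"


def parse_sigcheck(log_text):
    """Return ({basename: [reference copies]}, [paths ComboFix reports as missing])."""
    known, missing = defaultdict(list), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            known[basename(m["path"])].append({
                "md5": m["md5"].upper(), "size": int(m["size"]),
                "version": m["version"], "path": m["path"],
            })
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"].lower())
    return dict(known), missing


def parse_cfscript(script_text):
    """Return the paths listed under DeQuarantine:: (the next '::' directive ends the list)."""
    paths, active = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            active = line.lower() == "dequarantine::"
            continue
        if active:
            paths.append(line)
    return paths


def assess(quarantine_path, md5_hex, size, known, missing):
    """'restore' only when hash AND size match a reference copy Sigcheck listed; else 'analyse'."""
    name = basename(quarantine_path)
    refs = known.get(name, [])
    hit = [r for r in refs if md5_hex is not None and r["md5"] == md5_hex.upper() and r["size"] == size]
    if hit:
        verdict, detail = "restore", f"matches WinSxS copy {hit[0]['version']}"
    elif refs:
        verdict, detail = "analyse", "hash/size match no listed WinSxS copy"
    else:
        verdict, detail = "analyse", "no reference copy in Sigcheck output"
    if original_path(quarantine_path) in missing:
        detail += "; ComboFix reports the system32 copy as missing"
    return verdict, detail


def plan_restore(script_text, log_text, quarantine_hashes):
    """Map each DeQuarantine:: path to (verdict, detail). quarantine_hashes holds
    {quarantine path: (md5, size)} measured by the analyst; it is not in the log."""
    known, missing = parse_sigcheck(log_text)
    plan = {}
    for qpath in parse_cfscript(script_text):
        md5_hex, size = quarantine_hashes.get(qpath, (None, None))
        plan[qpath] = assess(qpath, md5_hex, size, known, missing)
    return plan


if __name__ == "__main__":
    # Constructed: only termsrv.dll is "measured", using the 6.1.7601.17514 hash from the log.
    hashes = {r"C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll": ("2e648163254233755035b46dd7b89123", 680960)}
    for path, (verdict, detail) in plan_restore(SAMPLE_CFSCRIPT, SAMPLE_SIGCHECK, hashes).items():
        print(f"{verdict:8} {path}  ({detail})")
```

Files with no reference copy in the Sigcheck output (here slwga.dll, srrstr.dll, systemcpl.dll, odbcad32.exe) come back as "analyse": the log alone cannot vouch for them, so their hashes need a separate comparison before restoring.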
11.06.2012, 21:42 | #21 |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF Code:
ATTFilter ComboFix 12-06-11.04 - bonny 11.06.2012 22:14:44.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2805 [GMT 2:00] ausgeführt von:: c:\users\bonny\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\bonny\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-11 bis 2012-06-11 )))))))))))))))))))))))))))))) . . 2012-06-11 20:24 . 2012-06-11 20:29 -------- d-----w- c:\users\bonny\AppData\Local\temp 2012-06-11 20:24 . 2012-06-11 20:24 -------- d-----w- c:\users\KSK\AppData\Local\temp 2012-06-11 20:24 . 2012-06-11 20:24 -------- d-----w- c:\users\Firma\AppData\Local\temp 2012-06-11 20:24 . 2012-06-11 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-11 15:51 . 2012-06-11 15:51 -------- d-----w- c:\windows\SysWow64\Wat 2012-06-11 15:51 . 2012-06-11 15:51 -------- d-----w- c:\windows\system32\Wat 2012-06-11 15:49 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3D49F50-C2FA-4099-8DA4-165A2F636897}\mpengine.dll 2012-06-11 13:04 . 2012-06-11 13:04 -------- d-----w- C:\_OTL 2012-06-11 13:00 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-06 02:36 . 2012-06-06 02:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A999E4D-089C-4FA4-9146-38B873817F4F}\gapaengine.dll 2012-06-06 02:33 . 2012-06-06 02:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-06 02:33 . 2012-06-06 02:33 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-06 02:31 . 2012-06-06 02:31 -------- d-----w- c:\programdata\ATI 2012-06-06 02:23 . 
2012-06-06 02:23 -------- d-----w- c:\programdata\AMD 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\AMD AVT 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\AMD APP 2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-06-06 02:22 . 2012-06-06 02:22 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-06-06 02:20 . 2012-06-06 02:23 -------- d-----w- c:\program files\ATI Technologies 2012-06-06 02:17 . 2012-06-06 02:19 -------- d-----w- C:\AMD 2012-06-06 00:35 . 2012-06-06 00:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-06 00:35 . 2012-06-06 00:35 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-06 00:35 . 2012-06-06 00:35 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-06-06 00:35 . 2012-06-06 00:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-06 00:35 . 2012-06-06 00:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-05 17:00 . 2012-06-05 17:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-05 17:00 . 2012-06-05 17:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-06-05 16:47 . 2012-06-05 16:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-06-04 15:11 . 2012-06-04 15:11 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-04 15:11 . 2012-06-04 15:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-04 13:50 . 2012-06-04 13:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2012-06-04 13:07 . 2012-06-04 13:07 -------- d-----w- c:\users\bonny\AppData\Roaming\Malwarebytes 2012-06-04 13:06 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-04 13:06 . 
2012-06-04 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-04 10:44 . 2012-06-04 10:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-06-04 10:42 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C1F800E-3683-43AD-A0AF-0A7EFC76C0F1}\mpengine.dll 2012-05-14 15:09 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-14 15:05 . 2012-05-14 15:05 106648 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-05-14 15:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-14 15:02 . 2012-06-04 10:44 666689 ----a-w- c:\windows\SysWow64\sig.bin 2012-05-14 14:48 . 2012-05-14 14:48 59768 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-05-14 14:48 . 2012-05-14 14:48 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-05-14 14:48 . 2012-05-14 14:48 54136 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-05-14 14:48 . 2012-05-14 14:48 122744 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-05-14 14:47 . 2012-06-04 13:40 -------- d-----w- c:\programdata\G DATA 2012-05-14 14:47 . 2012-06-04 13:40 -------- d-----w- c:\program files (x86)\Common Files\G Data 2012-05-14 14:47 . 2012-06-04 13:10 -------- d-----w- c:\program files (x86)\G Data 2012-05-14 14:41 . 2012-06-04 13:10 -------- d-----w- c:\users\bonny\AppData\Local\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 
2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll 2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:54 . 2009-11-03 03:44 7479296 ----a-w- c:\windows\system32\atidxx64.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-04-06 01:11 . 
2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll 2012-04-05 20:32 . 
2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-11_15.35.46 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-03 04:04 . 2012-06-11 15:50 70984 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-11 15:50 45686 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-30 11:36 . 2012-06-11 15:50 18896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2079184332-2997649951-1821268657-1000_UserData.bin + 2012-06-11 16:24 . 2012-06-11 18:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:46 . 2012-06-11 20:28 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2010-03-22 18:20 . 2012-06-11 15:47 4456 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-06-11 15:35 . 2012-06-11 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-11 20:25 . 2012-06-11 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-11 20:25 . 2012-06-11 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-11 15:35 . 2012-06-11 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-11 15:51 . 2012-06-11 15:51 128424 c:\windows\SysWOW64\Wat\WatWeb.dll + 2012-06-11 15:51 . 2012-06-11 15:51 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll + 2010-01-30 17:21 . 
2012-06-11 19:43 268720 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-06-11 15:51 . 2012-06-11 15:51 152888 c:\windows\system32\Wat\WatWeb.dll + 2012-06-11 15:51 . 2012-06-11 15:51 249656 c:\windows\system32\Wat\WatUX.exe + 2012-06-11 15:51 . 2012-06-11 15:51 138664 c:\windows\system32\Wat\npWatWeb.dll + 2009-12-24 17:35 . 2012-06-11 18:48 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-24 17:35 . 2012-06-06 15:55 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-10-01 20:33 . 2012-06-11 15:34 472480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-10-01 20:33 . 2012-06-11 20:25 472480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-11 15:34 401008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-11 20:25 401008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-06-11 15:51 . 2012-06-11 15:51 1255736 c:\windows\system32\Wat\WatAdminSvc.exe + 2009-07-14 04:45 . 2012-06-11 19:10 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-04 11:25 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-05-09 06:56 . 2012-06-11 20:25 3077380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2079184332-2997649951-1821268657-1000-8192.dat + 2009-07-14 04:54 . 2012-06-11 18:48 10813440 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-06 15:55 10813440 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480] "SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 257696] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 129976] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 
mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:11] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\bonny\AppData\Roaming\Mozilla\Firefox\Profiles\2tx3ff8e.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-11 22:39:01 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-11 20:38 ComboFix2.txt 2012-06-11 15:46 . 
Vor Suchlauf: 19 Verzeichnis(se), 433.428.611.072 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 432.990.826.496 Bytes frei . - - End Of File - - 7660D585044A895A09024A984228BB8C The Windows 7 activation issue (certificate of authenticity) apparently still persists! Last edited by IceCube (11.06.2012 at 21:50) |
11.06.2012, 22:04 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF I actually wanted to use CF to restore files that had been deleted by mistake... apparently that somehow did not work. I need the ComboFix quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the antivirus scanner; it must not interfere with the packing!
2.) Zip the folder Quarantine in C:\Qoobox into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let me know if it was successful
5.) Only then turn the antivirus scanner back on
__________________ Please always post logfiles in CODE tags |
11.06.2012, 22:17 | #23 |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF OK, the Qoobox folder has been uploaded as a ZIP! The Essentials antivirus scanner does not work, because it doubts the genuineness of the Windows version -> see previous post incl. screenshot. Did the data arrive? |
12.06.2012, 09:54 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF New attempt. Combofix - scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now paste the entire content of the code box below into the Notepad window. Code:
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir
QUIT::
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
12.06.2012, 10:10 | #25 |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF OK, followed the instructions. CF performed an update. Then a DOS window appeared announcing a 10-minute scan. But after about 2 minutes it was over and an empty editor window was opened (see screenshot in the attachment). |
12.06.2012, 12:20 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF Well, then we have to try it manually. You have to rename these files => cut off the .vir Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir
Then you have these file names Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe
Code:
C:\Qoobox\Quarantine\C\windows\system32\slwga.dll => C:\windows\system32\slwga.dll
C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll => C:\windows\system32\srrstr.dll
C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll => C:\windows\system32\systemcpl.dll
C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll => C:\windows\system32\termsrv.dll
C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe => C:\windows\SysWow64\odbcad32.exe
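One way to carry out the renaming and moving back described in the post above, as an added example that is not from the thread or from ComboFix: a PowerShell script that strips the .vir suffix, maps each quarantine path to its original location, and does a dry run with a signature and hash check first. Get-OriginalPath and Restore-QuarantinedFile are names chosen here; the script assumes an elevated PowerShell 4.0 or later (for Get-FileHash), which on Windows 7 means the Windows Management Framework 4.0 update.

```powershell
# Added example, not part of the thread: restore the five files ComboFix put in
# C:\Qoobox\Quarantine by stripping the ".vir" suffix and mapping each path back
# to its original location, with a signature/hash check and a dry run first.
# Assumes an elevated PowerShell 4.0 or later (Get-FileHash).

$QuarantineRoot = 'C:\Qoobox\Quarantine\C'   # ComboFix mirrors the C: tree under here

# The quarantined files named in the post above.
$Quarantined = @(
    'C:\Qoobox\Quarantine\C\windows\system32\slwga.dll.vir',
    'C:\Qoobox\Quarantine\C\windows\system32\srrstr.dll.vir',
    'C:\Qoobox\Quarantine\C\windows\system32\systemcpl.dll.vir',
    'C:\Qoobox\Quarantine\C\windows\system32\termsrv.dll.vir',
    'C:\Qoobox\Quarantine\C\windows\SysWow64\odbcad32.exe.vir'
)

function Get-OriginalPath {
    # Turn C:\Qoobox\Quarantine\C\windows\...\x.dll.vir into C:\windows\...\x.dll
    param([string]$QuarantinePath)
    $noVir = $QuarantinePath -replace '\.vir$', ''
    if (-not $noVir.StartsWith($QuarantineRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Path is not below the quarantine root: $QuarantinePath"
    }
    return 'C:' + $noVir.Substring($QuarantineRoot.Length)
}

function Restore-QuarantinedFile {
    param(
        [string]$QuarantinePath,
        [switch]$Force      # without -Force only a dry run (-WhatIf) is performed
    )
    if (-not (Test-Path -LiteralPath $QuarantinePath)) {
        Write-Warning "Not in quarantine: $QuarantinePath"
        return
    }
    $target = Get-OriginalPath $QuarantinePath

    # Caveat: these are core system binaries. Check the Authenticode signature and
    # record the hash before putting anything back into system32. Windows 7 system
    # files are mostly catalog-signed, so Get-AuthenticodeSignature can report
    # NotSigned even for a clean file; verify such a file by other means (a
    # catalog-aware tool or a known-good copy) before using -Force.
    $sig  = Get-AuthenticodeSignature -FilePath $QuarantinePath
    $hash = (Get-FileHash -LiteralPath $QuarantinePath -Algorithm SHA256).Hash
    Write-Host ("{0}`n  SHA256 {1}`n  signature {2} ({3})" -f $QuarantinePath, $hash,
        $sig.Status, $sig.SignerCertificate.Subject)

    if (Test-Path -LiteralPath $target) {
        Write-Warning "Target already exists, not overwriting: $target"
        return
    }
    if ($Force) {
        Move-Item -LiteralPath $QuarantinePath -Destination $target
    } else {
        # Dry run: shows what would be moved where, without touching the system.
        Move-Item -LiteralPath $QuarantinePath -Destination $target -WhatIf
    }
}

foreach ($q in $Quarantined) { Restore-QuarantinedFile -QuarantinePath $q }
```

Run it once as-is to see the planned moves and the signature status of each file, then add -Force to the call in the last line for the files you have decided to restore.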
12.06.2012, 12:46 | #27 | |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF Quote:
How do we proceed? |
12.06.2012, 13:50 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF Phew, then I was spot on. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the 2nd attempt either, just skip it and only run OSAM - please skip the online query by OSAM. With OSAM please also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the antivirus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not under any circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
12.06.2012, 14:49 | #29 |
| Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF The GMER scan did not work! So I then continued with OSAM. Here is the log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:50:28 on 12.06.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 12.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll 
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll {B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\bonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "LifeCam" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" "LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PlayMovie" - "Acer Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS64.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." 
- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-12 15:55:36 ----------------------------- 15:55:36.362 OS Version: Windows x64 6.1.7601 Service Pack 1 15:55:36.362 Number of processors: 2 586 0x170A 15:55:36.362 ComputerName: BONNY-PC UserName: bonny 15:55:37.298 Initialize success 15:56:45.705 AVAST engine defs: 12061200 15:56:59.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 15:56:59.297 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3 15:56:59.328 Disk 0 MBR read successfully 15:56:59.328 Disk 0 MBR scan 15:56:59.328 Disk 0 Windows 7 default MBR code 15:56:59.344 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63 15:56:59.360 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855 15:56:59.375 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700 15:56:59.391 Disk 0 scanning C:\Windows\system32\drivers 15:57:14.613 Service scanning 15:57:41.024 Modules scanning 15:57:41.024 Disk 0 trace - called modules: 15:57:41.102 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 15:57:41.118 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b57060] 15:57:41.118 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473a050] 15:57:42.459 AVAST engine scan C:\Windows 15:57:46.203 AVAST engine scan C:\Windows\system32 16:01:09.994 AVAST engine scan C:\Windows\system32\drivers 16:01:26.550 AVAST engine scan C:\Users\bonny 16:02:53.454 AVAST engine scan C:\ProgramData 16:03:19.752 Scan finished successfully 16:04:33.120 Disk 0 MBR has been saved successfully to "C:\Users\bonny\Desktop\MBR.dat" 16:04:33.135 The log file has been saved successfully to "C:\Users\bonny\Desktop\aswMBR.txt" Last edited by IceCube (12.06.2012 at 15:06) |
12.06.2012, 16:13 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: Sirefef.X / Sirefef.E / Conedex.A and Exploit: JS/Blacole.FF Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!