Pests of all kinds and how to fight them: Sirefef and others on Win7 64-bit
08.06.2012, 16:42 | #1
Sirefef and others on Win7 64-bit

Dear community, after a lot of googling and searching your board (after which I tried some of your tips and tricks and anti-malware programs), I'm afraid I have to "trouble" you after all: I have an Acer laptop with Win7 64-bit and all updates. For a few days now the firewall has been offline and can no longer be activated - error code 0x8007042c. My security program is MS Security Essentials, which the malware also deactivated. I had to reinstall it and now constantly get notifications about severe threats (Sirefef, Alureon, Cybot.cfg). Removing doesn't help; the same message comes back. In the meantime I have tried MWB, Kaspersky Security Disk (via boot CD), Emsisoft and I don't know what else. I have attached the OTL log files for you. - defogger gives no error message. I have not knowingly downloaded any cracks or anything like that; I hope nothing of the sort shows up in the log. Thank you for your help in advance!
09.06.2012, 07:55 | #2
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit

My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________
09.06.2012, 10:24 | #3
Sirefef and others on Win7 64-bit

Hi Daniel, thank you very much for the quick reply!
Here is my log file; the tool found nothing. Code:
C:\Windows\system32\drivers\nfrd960.sys 11:20:20.0962 4344 nfrd960 - ok 11:20:21.0009 4344 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 11:20:21.0024 4344 NisDrv - ok 11:20:21.0149 4344 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 11:20:21.0180 4344 NisSrv - ok 11:20:21.0243 4344 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:20:21.0274 4344 NlaSvc - ok 11:20:21.0274 4344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:20:21.0274 4344 Npfs - ok 11:20:21.0305 4344 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:20:21.0305 4344 nsi - ok 11:20:21.0321 4344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:20:21.0321 4344 nsiproxy - ok 11:20:21.0445 4344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:20:21.0492 4344 Ntfs - ok 11:20:21.0617 4344 NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 11:20:21.0617 4344 NTI IScheduleSvc - ok 11:20:21.0742 4344 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 11:20:21.0757 4344 NTIDrvr - ok 11:20:21.0773 4344 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:20:21.0773 4344 Null - ok 11:20:21.0820 4344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:20:21.0820 4344 nvraid - ok 11:20:21.0835 4344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:20:21.0851 4344 nvstor - ok 11:20:21.0867 4344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:20:21.0867 4344 nv_agp - ok 11:20:21.0991 4344 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:20:22.0007 4344 odserv - ok 11:20:22.0038 4344 ohci1394 
(3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:20:22.0038 4344 ohci1394 - ok 11:20:22.0085 4344 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:20:22.0101 4344 ose - ok 11:20:22.0147 4344 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:20:22.0163 4344 p2pimsvc - ok 11:20:22.0225 4344 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:20:22.0241 4344 p2psvc - ok 11:20:22.0288 4344 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 11:20:22.0288 4344 Parport - ok 11:20:22.0335 4344 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:20:22.0350 4344 partmgr - ok 11:20:22.0366 4344 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:20:22.0381 4344 PcaSvc - ok 11:20:22.0413 4344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:20:22.0428 4344 pci - ok 11:20:22.0459 4344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:20:22.0459 4344 pciide - ok 11:20:22.0491 4344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 11:20:22.0506 4344 pcmcia - ok 11:20:22.0537 4344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:20:22.0537 4344 pcw - ok 11:20:22.0584 4344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:20:22.0631 4344 PEAUTH - ok 11:20:22.0709 4344 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:20:22.0709 4344 PerfHost - ok 11:20:22.0771 4344 pjdcoemi (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\pjdcoemi.sys 11:20:22.0803 4344 pjdcoemi - ok 11:20:22.0881 4344 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:20:22.0943 4344 pla - ok 11:20:22.0990 4344 PlugPlay (25fbdef06c4d92815b353f6e792c8129) 
C:\Windows\system32\umpnpmgr.dll 11:20:23.0005 4344 PlugPlay - ok 11:20:23.0021 4344 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:20:23.0021 4344 PNRPAutoReg - ok 11:20:23.0068 4344 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:20:23.0068 4344 PNRPsvc - ok 11:20:23.0161 4344 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 11:20:23.0161 4344 Point64 - ok 11:20:23.0224 4344 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:20:23.0255 4344 PolicyAgent - ok 11:20:23.0302 4344 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:20:23.0317 4344 Power - ok 11:20:23.0349 4344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:20:23.0349 4344 PptpMiniport - ok 11:20:23.0364 4344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 11:20:23.0380 4344 Processor - ok 11:20:23.0427 4344 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 11:20:23.0442 4344 ProfSvc - ok 11:20:23.0489 4344 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:20:23.0489 4344 ProtectedStorage - ok 11:20:23.0536 4344 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:20:23.0536 4344 Psched - ok 11:20:23.0567 4344 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 11:20:23.0567 4344 PSI - ok 11:20:23.0661 4344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 11:20:23.0707 4344 ql2300 - ok 11:20:23.0817 4344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 11:20:23.0817 4344 ql40xx - ok 11:20:23.0863 4344 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:20:23.0895 4344 QWAVE - ok 11:20:23.0910 4344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) 
C:\Windows\system32\drivers\qwavedrv.sys 11:20:23.0910 4344 QWAVEdrv - ok 11:20:23.0926 4344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:20:23.0926 4344 RasAcd - ok 11:20:23.0973 4344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:20:23.0973 4344 RasAgileVpn - ok 11:20:24.0004 4344 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:20:24.0004 4344 RasAuto - ok 11:20:24.0035 4344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:20:24.0035 4344 Rasl2tp - ok 11:20:24.0066 4344 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:20:24.0097 4344 RasMan - ok 11:20:24.0113 4344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:20:24.0113 4344 RasPppoe - ok 11:20:24.0144 4344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:20:24.0144 4344 RasSstp - ok 11:20:24.0175 4344 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:20:24.0191 4344 rdbss - ok 11:20:24.0207 4344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 11:20:24.0207 4344 rdpbus - ok 11:20:24.0238 4344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:20:24.0238 4344 RDPCDD - ok 11:20:24.0269 4344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:20:24.0269 4344 RDPENCDD - ok 11:20:24.0285 4344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:20:24.0285 4344 RDPREFMP - ok 11:20:24.0331 4344 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 11:20:24.0347 4344 RDPWD - ok 11:20:24.0378 4344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:20:24.0394 4344 rdyboost - ok 11:20:24.0441 4344 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) 
C:\Windows\System32\mprdim.dll 11:20:24.0456 4344 RemoteAccess - ok 11:20:24.0472 4344 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:20:24.0503 4344 RemoteRegistry - ok 11:20:24.0534 4344 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 11:20:24.0550 4344 RFCOMM - ok 11:20:24.0565 4344 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:20:24.0565 4344 RpcEptMapper - ok 11:20:24.0597 4344 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:20:24.0612 4344 RpcLocator - ok 11:20:24.0643 4344 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:20:24.0659 4344 RpcSs - ok 11:20:24.0753 4344 RSPCIESTOR (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys 11:20:24.0768 4344 RSPCIESTOR - ok 11:20:24.0815 4344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:20:24.0815 4344 rspndr - ok 11:20:24.0862 4344 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:20:24.0862 4344 SamSs - ok 11:20:24.0893 4344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:20:24.0893 4344 sbp2port - ok 11:20:24.0940 4344 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:20:24.0955 4344 SCardSvr - ok 11:20:24.0971 4344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:20:24.0971 4344 scfilter - ok 11:20:25.0049 4344 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:20:25.0111 4344 Schedule - ok 11:20:25.0143 4344 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:20:25.0143 4344 SCPolicySvc - ok 11:20:25.0158 4344 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:20:25.0189 4344 SDRSVC - ok 11:20:25.0252 4344 secdrv (3ea8a16169c26afbeb544e0e48421186) 
C:\Windows\system32\drivers\secdrv.sys 11:20:25.0252 4344 secdrv - ok 11:20:25.0283 4344 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:20:25.0299 4344 seclogon - ok 11:20:25.0423 4344 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\SecuniaPSI\PSIA.exe 11:20:25.0470 4344 Secunia PSI Agent - ok 11:20:25.0533 4344 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\SecuniaPSI\sua.exe 11:20:25.0548 4344 Secunia Update Agent - ok 11:20:25.0657 4344 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 11:20:25.0657 4344 SENS - ok 11:20:25.0689 4344 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 11:20:25.0689 4344 SensrSvc - ok 11:20:25.0735 4344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 11:20:25.0735 4344 Serenum - ok 11:20:25.0767 4344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 11:20:25.0767 4344 Serial - ok 11:20:25.0782 4344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 11:20:25.0782 4344 sermouse - ok 11:20:25.0845 4344 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:20:25.0860 4344 SessionEnv - ok 11:20:25.0876 4344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:20:25.0891 4344 sffdisk - ok 11:20:25.0907 4344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:20:25.0907 4344 sffp_mmc - ok 11:20:25.0907 4344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:20:25.0923 4344 sffp_sd - ok 11:20:25.0923 4344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 11:20:25.0923 4344 sfloppy - ok 11:20:25.0969 4344 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:20:25.0985 4344 ShellHWDetection - ok 11:20:26.0001 4344 
SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 11:20:26.0001 4344 SiSRaid2 - ok 11:20:26.0032 4344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 11:20:26.0032 4344 SiSRaid4 - ok 11:20:26.0047 4344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:20:26.0047 4344 Smb - ok 11:20:26.0094 4344 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:20:26.0094 4344 SNMPTRAP - ok 11:20:26.0110 4344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:20:26.0110 4344 spldr - ok 11:20:26.0157 4344 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:20:26.0188 4344 Spooler - ok 11:20:26.0359 4344 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:20:26.0453 4344 sppsvc - ok 11:20:26.0547 4344 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:20:26.0562 4344 sppuinotify - ok 11:20:26.0640 4344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:20:26.0656 4344 srv - ok 11:20:26.0703 4344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:20:26.0718 4344 srv2 - ok 11:20:26.0749 4344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:20:26.0749 4344 srvnet - ok 11:20:26.0812 4344 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:20:26.0827 4344 SSDPSRV - ok 11:20:26.0843 4344 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:20:26.0843 4344 SstpSvc - ok 11:20:26.0921 4344 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys 11:20:26.0937 4344 ssudmdm - ok 11:20:26.0968 4344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 11:20:26.0968 4344 stexstor - ok 11:20:27.0046 4344 stisvc (8dd52e8e6128f4b2da92ce27402871c1) 
C:\Windows\System32\wiaservc.dll 11:20:27.0093 4344 stisvc - ok 11:20:27.0108 4344 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:20:27.0108 4344 swenum - ok 11:20:27.0171 4344 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:20:27.0202 4344 swprv - ok 11:20:27.0327 4344 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys 11:20:27.0389 4344 SynTP - ok 11:20:27.0592 4344 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:20:27.0670 4344 SysMain - ok 11:20:27.0826 4344 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:20:27.0826 4344 TabletInputService - ok 11:20:27.0873 4344 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:20:27.0888 4344 TapiSrv - ok 11:20:27.0904 4344 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:20:27.0919 4344 TBS - ok 11:20:28.0091 4344 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 11:20:28.0169 4344 Tcpip - ok 11:20:28.0403 4344 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 11:20:28.0419 4344 TCPIP6 - ok 11:20:28.0543 4344 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:20:28.0543 4344 tcpipreg - ok 11:20:28.0559 4344 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:20:28.0559 4344 TDPIPE - ok 11:20:28.0590 4344 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 11:20:28.0606 4344 TDTCP - ok 11:20:28.0637 4344 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:20:28.0637 4344 tdx - ok 11:20:28.0855 4344 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 11:20:28.0949 4344 TeamViewer7 - ok 11:20:29.0058 4344 TermDD (561e7e1f06895d78de991e01dd0fb6e5) 
C:\Windows\system32\drivers\termdd.sys 11:20:29.0058 4344 TermDD - ok 11:20:29.0136 4344 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:20:29.0167 4344 TermService - ok 11:20:29.0199 4344 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll 11:20:29.0245 4344 Themes - ok 11:20:29.0277 4344 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:20:29.0277 4344 THREADORDER - ok 11:20:29.0339 4344 totrsdiy (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\totrsdiy.sys 11:20:29.0370 4344 totrsdiy - ok 11:20:29.0401 4344 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:20:29.0401 4344 TrkWks - ok 11:20:29.0464 4344 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:20:29.0479 4344 TrustedInstaller - ok 11:20:29.0495 4344 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:20:29.0511 4344 tssecsrv - ok 11:20:29.0542 4344 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:20:29.0542 4344 TsUsbFlt - ok 11:20:29.0557 4344 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 11:20:29.0573 4344 TsUsbGD - ok 11:20:29.0604 4344 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:20:29.0604 4344 tunnel - ok 11:20:29.0620 4344 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 11:20:29.0635 4344 uagp35 - ok 11:20:29.0682 4344 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 11:20:29.0682 4344 UBHelper - ok 11:20:29.0729 4344 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:20:29.0745 4344 udfs - ok 11:20:29.0776 4344 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:20:29.0776 4344 UI0Detect - ok 11:20:29.0791 4344 uliagpkx 
(4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:20:29.0791 4344 uliagpkx - ok 11:20:29.0823 4344 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 11:20:29.0823 4344 umbus - ok 11:20:29.0838 4344 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 11:20:29.0838 4344 UmPass - ok 11:20:29.0916 4344 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys 11:20:29.0916 4344 UnlockerDriver5 - ok 11:20:30.0119 4344 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 11:20:30.0213 4344 UNS - ok 11:20:30.0306 4344 Update-Service - ok 11:20:30.0353 4344 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:20:30.0384 4344 upnphost - ok 11:20:30.0431 4344 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:20:30.0431 4344 usbccgp - ok 11:20:30.0462 4344 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:20:30.0478 4344 usbcir - ok 11:20:30.0509 4344 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 11:20:30.0509 4344 usbehci - ok 11:20:30.0556 4344 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:20:30.0587 4344 usbhub - ok 11:20:30.0603 4344 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 11:20:30.0603 4344 usbohci - ok 11:20:30.0634 4344 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:20:30.0634 4344 usbprint - ok 11:20:30.0665 4344 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 11:20:30.0665 4344 usbscan - ok 11:20:30.0696 4344 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:20:30.0696 4344 USBSTOR - ok 11:20:30.0727 4344 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) 
C:\Windows\system32\drivers\usbuhci.sys 11:20:30.0727 4344 usbuhci - ok 11:20:30.0759 4344 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 11:20:30.0759 4344 usbvideo - ok 11:20:30.0805 4344 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 11:20:30.0805 4344 usb_rndisx - ok 11:20:30.0821 4344 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:20:30.0837 4344 UxSms - ok 11:20:30.0883 4344 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:20:30.0883 4344 VaultSvc - ok 11:20:30.0961 4344 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys 11:20:30.0977 4344 VBoxDrv - ok 11:20:31.0008 4344 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 11:20:31.0024 4344 VBoxNetAdp - ok 11:20:31.0039 4344 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 11:20:31.0039 4344 VBoxNetFlt - ok 11:20:31.0071 4344 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 11:20:31.0071 4344 VBoxUSBMon - ok 11:20:31.0086 4344 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:20:31.0086 4344 vdrvroot - ok 11:20:31.0149 4344 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 11:20:31.0180 4344 vds - ok 11:20:31.0211 4344 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:20:31.0211 4344 vga - ok 11:20:31.0242 4344 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:20:31.0242 4344 VgaSave - ok 11:20:31.0273 4344 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:20:31.0289 4344 vhdmp - ok 11:20:31.0305 4344 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:20:31.0305 4344 viaide - ok 11:20:31.0336 4344 volmgr (d2aafd421940f640b407aefaaebd91b0) 
C:\Windows\system32\drivers\volmgr.sys 11:20:31.0336 4344 volmgr - ok 11:20:31.0367 4344 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 11:20:31.0383 4344 volmgrx - ok 11:20:31.0398 4344 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:20:31.0414 4344 volsnap - ok 11:20:31.0445 4344 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 11:20:31.0461 4344 vsmraid - ok 11:20:31.0554 4344 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 11:20:31.0601 4344 VSS - ok 11:20:31.0710 4344 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 11:20:31.0710 4344 vwifibus - ok 11:20:31.0741 4344 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 11:20:31.0741 4344 vwififlt - ok 11:20:31.0788 4344 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 11:20:31.0788 4344 vwifimp - ok 11:20:31.0851 4344 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 11:20:31.0882 4344 W32Time - ok 11:20:31.0913 4344 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 11:20:31.0913 4344 WacomPen - ok 11:20:31.0929 4344 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:20:31.0944 4344 WANARP - ok 11:20:31.0960 4344 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:20:31.0960 4344 Wanarpv6 - ok 11:20:32.0053 4344 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 11:20:32.0116 4344 WatAdminSvc - ok 11:20:32.0209 4344 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 11:20:32.0272 4344 wbengine - ok 11:20:32.0365 4344 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:20:32.0381 4344 WbioSrvc - ok 11:20:32.0412 4344 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) 
C:\Windows\System32\wcncsvc.dll 11:20:32.0428 4344 wcncsvc - ok 11:20:32.0443 4344 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:20:32.0459 4344 WcsPlugInService - ok 11:20:32.0490 4344 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 11:20:32.0490 4344 Wd - ok 11:20:32.0537 4344 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:20:32.0568 4344 Wdf01000 - ok 11:20:32.0584 4344 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:20:32.0584 4344 WdiServiceHost - ok 11:20:32.0599 4344 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:20:32.0599 4344 WdiSystemHost - ok 11:20:32.0646 4344 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 11:20:32.0662 4344 WebClient - ok 11:20:32.0693 4344 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:20:32.0709 4344 Wecsvc - ok 11:20:32.0724 4344 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 11:20:32.0724 4344 wercplsupport - ok 11:20:32.0771 4344 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:20:32.0771 4344 WerSvc - ok 11:20:32.0849 4344 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:20:32.0849 4344 WfpLwf - ok 11:20:32.0865 4344 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:20:32.0865 4344 WIMMount - ok 11:20:32.0880 4344 WinHttpAutoProxySvc - ok 11:20:32.0943 4344 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 11:20:32.0958 4344 Winmgmt - ok 11:20:33.0083 4344 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 11:20:33.0130 4344 WinRM - ok 11:20:33.0255 4344 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 11:20:33.0270 4344 WinUsb - ok 11:20:33.0348 4344 Wlansvc 
(4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:20:33.0379 4344 Wlansvc - ok 11:20:33.0473 4344 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 11:20:33.0473 4344 wlcrasvc - ok 11:20:33.0629 4344 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:20:33.0691 4344 wlidsvc - ok 11:20:33.0801 4344 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 11:20:33.0816 4344 WmiAcpi - ok 11:20:33.0879 4344 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:20:33.0894 4344 wmiApSrv - ok 11:20:33.0957 4344 WMPNetworkSvc - ok 11:20:33.0988 4344 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:20:33.0988 4344 WPCSvc - ok 11:20:34.0019 4344 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 11:20:34.0019 4344 WPDBusEnum - ok 11:20:34.0050 4344 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:20:34.0050 4344 ws2ifsl - ok 11:20:34.0050 4344 WSearch - ok 11:20:34.0191 4344 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 11:20:34.0269 4344 wuauserv - ok 11:20:34.0378 4344 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:20:34.0393 4344 WudfPf - ok 11:20:34.0425 4344 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:20:34.0440 4344 WUDFRd - ok 11:20:34.0487 4344 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 11:20:34.0503 4344 wudfsvc - ok 11:20:34.0534 4344 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:20:34.0549 4344 WwanSvc - ok 11:20:34.0659 4344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:20:34.0830 4344 \Device\Harddisk0\DR0 - ok 11:20:35.0205 4344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) 
\Device\Harddisk1\DR1 11:20:35.0314 4344 \Device\Harddisk1\DR1 - ok 11:20:35.0329 4344 Boot (0x1200) (ac5db4b66a4c509054b8a7ed6df0c99c) \Device\Harddisk0\DR0\Partition0 11:20:35.0329 4344 \Device\Harddisk0\DR0\Partition0 - ok 11:20:35.0361 4344 Boot (0x1200) (64f51fccd4f72a0dd2e4450eb4fbc777) \Device\Harddisk0\DR0\Partition1 11:20:35.0361 4344 \Device\Harddisk0\DR0\Partition1 - ok 11:20:35.0361 4344 Boot (0x1200) (d14a14fbc7a4ca1d38c81792d916a205) \Device\Harddisk1\DR1\Partition0 11:20:35.0376 4344 \Device\Harddisk1\DR1\Partition0 - ok 11:20:35.0376 4344 ============================================================ 11:20:35.0376 4344 Scan finished 11:20:35.0376 4344 ============================================================ 11:20:35.0376 4792 Detected object count: 0 11:20:35.0376 4792 Actual detected object count: 0 11:20:44.0300 2652 Deinitialize success Sandra |
09.06.2012, 10:32 | #4 | |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Combofix should only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
09.06.2012, 11:30 | #6 |
| Sirefef and others on Win7 64-bit Hi, Combofix didn't show any messages, but it trashed my desktop (black screen) - I then restarted, after which everything I launched froze; now everything is running normally again (my security programs are all still disabled). Combofix did not create a log file either under C:\ or on the desktop. Regards |
09.06.2012, 11:32 | #7 |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Boot into Windows Safe Mode (please be sure to click the link & read it!)
Please run Combofix again
09.06.2012, 13:09 | #8 |
| Sirefef and others on Win7 64-bit Hello, unfortunately still no log file with that name. On the other hand, my computer seems very fast to me *g*. Combofix opens a kind of bash window, a scan runs through in it, then the program closes without my having to confirm anything, and unfortunately no log file. I think I'll switch back to Linux |
09.06.2012, 14:17 | #9 |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Hi. Please check under C:\Qoobox whether there is a Combofix.txt there
09.06.2012, 14:49 | #10 |
| Sirefef and others on Win7 64-bit Unfortunately that directory doesn't exist - I've also already searched the drive for the file... |
09.06.2012, 14:58 | #11 |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Well then, we'll have to take a different approach. Looks like the new version. Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick. Connect the USB stick to the infected system. You now need to boot the system into the System Repair option. Via the boot manager
With the Windows CD/DVD
In the repair options, choose Command Prompt
09.06.2012, 15:25 | #12 |
| Sirefef and others on Win7 64-bit Hi Daniel - here's the log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01 Ran by SYSTEM at 09-06-2012 16:19:04 Running from H:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-12-29] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-12-29] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2010-12-29] (Intel Corporation) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2186856 2011-01-09] (Realtek Semiconductor) HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-01-20] (Atheros Commnucations) HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated) HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-02-15] (NTI Corporation) HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart [140616 2010-11-09] (Neuber Software - www.neuber.com) Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 80.237.176.196 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\SecuniaPSI\psi_tray.exe (Secunia) ==================== Services (Whitelisted) ====== 2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) 2 Dnscache; C:\Windows\System32\pouazns6k.dll [354304 2012-06-02] (Parental Solutions Inc.) 2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352336 2011-03-14] (Dritek System Inc.) 
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated) 2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) 2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation) 2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation) 2 Secunia PSI Agent; "C:\Program Files (x86)\SecuniaPSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia) 2 Secunia Update Agent; "C:\Program Files (x86)\SecuniaPSI\sua.exe" --start-service [399416 2011-10-13] (Secunia) 2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation) 2 Update-Service; C:\Windows\SysWow64\UpdSvc.dll [114000 2011-12-06] (Joosoft.com GmbH) 2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x] ========================== Drivers (Whitelisted) ============= 3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-01-20] (Atheros) 3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2011-01-20] (Atheros) 3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-01-20] (Atheros) 3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-01-20] (Atheros) 3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-01-20] (Atheros) 3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-01-20] (Atheros) 3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279200 2011-01-20] (Atheros) 3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation) 3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 
2011-03-09] (NTI Corporation) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST 2012-06-09 06:13 - 2012-06-09 06:14 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe 2012-06-09 05:55 - 2012-06-09 06:07 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar 2012-06-09 03:54 - 2012-06-09 04:00 - 00269820 ____A C:\Windows\ntbtlog.txt 2012-06-09 02:15 - 2012-06-09 03:56 - 00000000 ___SD C:\32788R22FWJFW 2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe 2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt 2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe 2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk 2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip 2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt 2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt 2012-06-08 07:30 - 2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe 2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log 2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable 2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe 2012-06-07 11:15 - 2012-06-09 02:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2012-06-07 11:15 - 2012-06-08 07:44 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware 2012-06-07 09:43 - 2012-06-07 09:45 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn 2012-06-07 09:32 - 2012-06-07 09:32 - 
00000000 ____D C:\Program Files (x86)\ImgBurn 2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes 2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-06-07 08:37 - 2012-06-07 08:40 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics 2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-06-05 08:34 - 2012-06-08 10:01 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3 2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia 2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight 2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk 2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049 2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) 
C:\Windows\System32\pouazns6k.dll 2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt 2012-05-19 02:12 - 2012-05-22 12:23 - 00000000 ____D C:\Users\sandra\Desktop\tmp 2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT 2012-05-17 05:21 - 2012-06-09 04:01 - 00003454 ____A C:\Windows\setupact.log 2012-05-17 05:21 - 2012-06-09 03:54 - 00035716 ____A C:\Windows\PFRO.log 2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log 2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093 2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight ============ 3 Months Modified Files and Folders ============= 2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST 2012-06-09 06:15 - 2011-07-08 00:57 - 01486038 ____A C:\Windows\WindowsUpdate.log 2012-06-09 06:14 - 2012-06-09 06:13 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe 2012-06-09 06:12 - 2011-07-08 10:48 - 00702508 ____A C:\Windows\System32\perfh007.dat 2012-06-09 06:12 - 2011-07-08 10:48 - 00150172 ____A C:\Windows\System32\perfc007.dat 2012-06-09 06:12 - 2009-07-13 21:13 - 01627732 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-09 06:10 - 2011-12-06 09:32 - 00000000 ____D C:\Users\sandra\AppData\Roaming\BitTorrent 2012-06-09 06:07 - 2012-06-09 05:55 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar 2012-06-09 05:42 - 2012-03-30 05:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-09 04:01 - 2012-05-17 05:21 - 00003454 ____A C:\Windows\setupact.log 2012-06-09 04:01 - 2011-12-06 05:22 - 00000000 ____D C:\Users\All Users\clear.fi 2012-06-09 04:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-09 04:00 - 2012-06-09 03:54 - 00269820 ____A C:\Windows\ntbtlog.txt 2012-06-09 03:56 - 2012-06-09 02:15 - 00000000 ___SD C:\32788R22FWJFW 2012-06-09 03:54 - 2012-05-17 05:21 - 00035716 ____A C:\Windows\PFRO.log 2012-06-09 02:20 - 2012-03-21 22:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-09 02:20 - 2009-07-13 21:08 - 00020246 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-09 02:12 - 2011-12-06 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-06-09 02:10 - 2012-06-07 11:15 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2012-06-09 02:09 - 2011-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\SecuniaPSI 2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe 2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt 2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe 2012-06-08 10:01 - 2012-06-05 08:34 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3 2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk 2012-06-08 08:51 - 2011-12-06 13:38 - 00000000 ____D C:\Spiele 2012-06-08 07:44 - 2012-06-07 11:15 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware 2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip 2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt 2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt 2012-06-08 07:30 - 
2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe 2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log 2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable 2012-06-08 07:26 - 2011-12-06 09:24 - 00000000 ____D C:\users\sandra 2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe 2012-06-07 21:28 - 2012-02-24 09:20 - 00000000 ____D C:\Users\sandra\AppData\Roaming\E0168 2012-06-07 11:21 - 2011-12-07 16:22 - 02125824 ____A C:\Users\sandra\s-1-5-21-3302248352-1844511566-3404724950-1000.rrr 2012-06-07 10:24 - 2011-05-09 00:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2012-06-07 10:15 - 2012-04-15 09:27 - 00000000 ____D C:\Users\All Users\Deadtime Stories 2012-06-07 10:08 - 2011-07-08 01:09 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini 2012-06-07 09:45 - 2012-06-07 09:43 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn 2012-06-07 09:32 - 2012-06-07 09:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes 2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-06-07 08:40 - 2012-06-07 08:37 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics 2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-06-07 08:25 - 2011-12-06 11:00 - 01650254 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-06-07 08:25 - 2011-12-06 11:00 - 00001912 ____A C:\Windows\epplauncher.mif 2012-06-07 08:16 - 2012-03-23 08:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\QuickScan 2012-06-07 08:14 - 2012-04-28 00:18 - 
00000000 ____D C:\Program Files (x86)\MyTomTom 3 2012-06-07 08:04 - 2011-12-07 14:26 - 00000000 ____D C:\Users\All Users\SecTaskMan 2012-06-07 06:22 - 2011-12-06 09:24 - 00000000 ____D C:\Users\sandra\AppData\Local\VirtualStore 2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia 2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight 2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk 2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049 2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) C:\Windows\System32\pouazns6k.dll 2012-05-31 11:38 - 2011-12-06 13:28 - 00000000 ____D C:\Users\sandra\Documents\daten 2012-05-27 11:02 - 2011-12-19 13:52 - 00000000 ____D C:\Users\sandra\AppData\Local\CrashDumps 2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt 2012-05-22 12:52 - 2011-12-07 16:18 - 00000000 ____D C:\Users\sandra\AppData\Roaming\vlc 2012-05-22 12:23 - 2012-05-19 02:12 - 00000000 ____D C:\Users\sandra\Desktop\tmp 2012-05-22 12:22 - 2011-12-09 13:25 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Audacity 2012-05-21 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT 2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log 2012-05-17 05:13 - 2011-12-07 16:22 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Registry Mechanic 2012-05-17 05:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2012-05-17 05:06 - 2011-12-06 09:33 - 00000000 ____D C:\Program Files (x86)\BitTorrent 2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093 2012-05-11 17:01 - 
2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-05-11 06:15 - 2012-03-30 05:59 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-05-11 06:15 - 2011-12-07 14:39 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-05-10 17:13 - 2011-12-06 10:07 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-05-10 17:13 - 2011-12-06 09:12 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-05-10 17:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal 2012-05-10 09:55 - 2012-01-08 11:27 - 00000000 ____D C:\Users\All Users\Elephant Games 2012-05-06 11:05 - 2012-05-06 11:05 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2012-05-06 11:05 - 2012-05-06 11:05 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2012-05-06 11:05 - 2012-05-06 11:05 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2012-05-06 11:05 - 2012-05-06 11:05 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2012-05-06 11:05 - 2012-05-06 11:05 - 00000000 ____D C:\Program Files (x86)\OpenAL 2012-05-06 03:26 - 2012-05-06 03:26 - 00167936 ____A (www.ipauly.com) C:\Program Files (x86)\BOOTICE_0.9.EXE 2012-05-05 02:50 - 2011-12-06 06:26 - 00000000 ____D C:\Users\sandra\Documents\Bluetooth Folder 2012-05-05 02:41 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Picasa3 2012-05-05 02:40 - 2011-12-06 09:55 - 00000000 ____D C:\Users\sandra\AppData\Local\Google 2012-05-04 12:13 - 2012-02-25 13:29 - 00000000 ____D C:\Program Files\CCleaner 2012-04-30 09:20 - 2012-04-30 09:20 - 00000000 ____D C:\Users\All Users\DailyMagic 2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Users\sandra\AppData\Local\TomTom 2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V 2012-04-24 22:31 - 2012-04-24 22:31 - 00000000 ____D C:\Windows\SysWOW64\1009 2012-04-22 08:21 - 2012-04-22 08:21 - 00000000 ____D C:\Users\All Users\Meridian93 2012-04-21 06:42 - 2012-02-04 04:47 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Mp3tag 2012-04-21 06:38 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2012-04-18 10:12 - 2012-04-18 10:12 - 00000000 ____D C:\Windows\SysWOW64\1044 2012-04-15 10:54 - 2012-04-15 10:04 - 00000000 ____D C:\Users\sandra\AppData\Local\Deadtime Stories 2012-04-15 09:27 - 2012-02-13 07:18 - 00001892 ____A C:\Windows\wininit.ini 2012-04-06 05:55 - 2012-04-06 05:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2012-04-04 10:12 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\.gimp-2.6 2012-04-04 09:36 - 2012-04-04 09:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\gtk-2.0 2012-04-04 09:21 - 2012-04-04 09:21 - 00000000 ____D C:\Users\sandra\.thumbnails 2012-04-04 09:05 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\Documents\gegl-0.0 2012-04-03 10:57 - 2012-04-03 10:53 - 00000000 ____D C:\Program Files (x86)\phase5 2012-03-31 03:10 - 
2012-03-31 03:10 - 00000000 ____D C:\Program Files (x86)\Visual CertExam Suite 2012-03-31 03:05 - 2012-03-31 03:04 - 00000000 ____D C:\Users\All Users\Visual CertExam Suite 2012-03-30 22:05 - 2012-05-09 20:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-03-30 20:39 - 2012-05-09 20:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-03-30 20:39 - 2012-05-09 20:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-03-30 19:10 - 2012-05-09 20:21 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-30 05:41 - 2012-03-30 05:41 - 00000000 ____D C:\Program Files (x86)\Mighty Uninstaller 2012-03-30 03:35 - 2012-05-09 20:21 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 05:39 - 2012-03-29 05:39 - 00000237 ____A C:\user.js 2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Media Finder 2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Local\Babylon 2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\All Users\Babylon 2012-03-23 08:24 - 2012-03-23 08:24 - 00860667 ____A C:\Users\sandra\AppData\Local\census.cache 2012-03-23 08:23 - 2012-03-23 08:23 - 00097634 ____A C:\Users\sandra\AppData\Local\ars.cache 2012-03-22 11:12 - 2012-03-22 11:12 - 04435968 ____A (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2012-03-21 22:47 - 2012-03-21 22:47 - 00000000 ____D C:\Users\All Users\Mozilla 2012-03-20 10:44 - 2012-03-20 10:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-03-20 10:44 - 2012-03-20 10:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-03-18 12:06 - 2012-03-18 12:03 - 00000000 ____D C:\Users\All Users\Floodlight Games 2012-03-16 23:58 - 2012-05-09 20:21 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-03-16 11:48 - 2012-03-16 11:48 - 00000000 ____D C:\Windows\SysWOW64\2097 2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\OhgVE.txt 2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\NbarN.txt 2012-03-12 00:40 - 2012-03-11 10:20 - 00000000 ____D C:\Program Files (x86)\FinanzmanagerV8 ZeroAccess: C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67} C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000004.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000008.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000004.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000008.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\000000cb.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000000.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000032.@ C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000064.@ ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2011-12-06 09:59] - [2011-12-06 11:28] - 2871808 ____A (Microsoft Corporation) 5ABE1764163E19A6F83A5574B7184231 C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 3946.73 MB Available physical RAM: 3245.82 MB Total Pagefile: 3944.93 MB Available Pagefile: 3230.47 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (Notebook_SP) (Fixed) (Total:450.66 GB) (Free:365.99 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.04 GB) NTFS 4 Drive g: (HDD_ext) (Fixed) (Total:232.88 GB) (Free:26.99 GB) NTFS 5 Drive h: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Datenträger ### Status Größe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datenträger 0 Online 465 GB 0 B Datenträger 1 Online 232 GB 1024 KB Datenträger 2 Online 981 MB 0 B Partitions of Disk 0: =============== Partition ### Typ Größe Offset ------------- ---------------- ------- 
------- Partition 1 Wiederherstellun 15 GB 1024 KB Partition 2 Primär 100 MB 15 GB Partition 3 Primär 450 GB 15 GB ====================================================================================================== Disk: 0 Partition 1 Typ : 27 Versteckt: Ja Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Größe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 15 GB Fehlerfre Versteck ====================================================================================================== Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Größe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Fehlerfre ====================================================================================================== Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Größe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Notebook_SP NTFS Partition 450 GB Fehlerfre ====================================================================================================== Partitions of Disk 1: =============== Partition ### Typ Größe Offset ------------- ---------------- ------- ------- Partition 1 Primär 232 GB 31 KB ====================================================================================================== Disk: 1 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Größe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G HDD_ext NTFS Partition 232 GB Fehlerfre ====================================================================================================== Partitions of Disk 2: =============== Partition ### Typ Größe Offset ------------- ---------------- ------- ------- Partition 1 Primär 980 MB 31 KB 
====================================================================================================== Disk: 2 Partition 1 Typ : 0C Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Größe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Wechselmed 980 MB Fehlerfre ====================================================================================================== ========================================================== Last Boot: 2012-06-07 22:40 ======================= End Of Log ========================== Edited by poldikater (09.06.2012 at 15:29). Reason: addendum |
09.06.2012, 16:51 | #13 |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}
Please run Combofix again immediately after the restart and post the log file here.
09.06.2012, 17:29 | #14 |
| Sirefef and others on Win7 64-bit It worked - Combofix ran an update and then it went through! fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01 Ran by SYSTEM at 2012-06-09 18:04:24 Run:1 Running from H:\ ============================================== C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67} moved successfully. ==== End of Fixlog ==== Code:
ATTFilter ComboFix 12-06-09.01 - sandra 09.06.2012 18:10:21.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3947.2262 [GMT 2:00] ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\SysWow64\C_0037.NLS c:\windows\SysWow64\muzapp.exe . Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-09 bis 2012-06-09 )))))))))))))))))))))))))))))) . . 2012-06-10 00:19 . 2012-06-10 00:19 -------- d-----w- C:\FRST 2012-06-09 16:16 . 2012-06-09 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-08 15:44 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F430A3C9-5BD8-4ED8-A707-59289F17293B}\mpengine.dll 2012-06-07 19:15 . 2012-06-09 10:10 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2012-06-07 17:43 . 2012-06-07 17:45 -------- d-----w- c:\users\sandra\AppData\Roaming\ImgBurn 2012-06-07 17:32 . 2012-06-07 17:32 -------- d-----w- c:\program files (x86)\ImgBurn 2012-06-07 17:30 . 2012-06-07 17:30 -------- d-----w- c:\users\sandra\AppData\Roaming\Malwarebytes 2012-06-07 17:29 . 2012-06-07 17:29 -------- d-----w- c:\programdata\Malwarebytes 2012-06-07 17:06 . 2012-06-07 17:06 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-07 16:37 . 
2012-06-07 16:40 -------- d-----w- c:\users\sandra\AppData\Local\ElevatedDiagnostics 2012-06-07 16:27 . 2012-06-07 16:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB015A82-0430-4127-AD9D-9E18BDCA62D2}\gapaengine.dll 2012-06-07 16:27 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-07 16:25 . 2012-06-07 16:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-07 16:25 . 2012-06-07 16:25 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-05 16:34 . 2012-06-08 18:01 -------- d-----w- c:\users\sandra\AppData\Roaming\TOMI3 2012-06-05 16:33 . 2012-06-05 16:33 -------- d-----w- c:\users\sandra\AppData\Roaming\Persha Studia 2012-06-05 16:32 . 2012-06-05 16:32 -------- d-----w- c:\programdata\Dying for Daylight 2012-06-03 09:46 . 2012-06-03 09:46 -------- d-----w- c:\windows\SysWow64\1049 2012-06-02 14:08 . 2012-06-02 14:08 354304 ----a-w- c:\windows\system32\pouazns6k.dll 2012-05-15 16:41 . 2012-05-15 16:41 -------- d-----w- c:\windows\SysWow64\1093 2012-05-12 01:01 . 2012-05-12 01:01 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-12 01:01 . 2012-05-12 01:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-11 14:15 . 2012-03-30 13:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-11 14:15 . 2011-12-07 22:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 19:05 . 2012-05-06 19:05 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-05-06 19:05 . 2012-05-06 19:05 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-05-06 19:05 . 2012-05-06 19:05 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-05-06 19:05 . 2012-05-06 19:05 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-05-06 11:26 . 
2012-05-06 11:26 167936 ----a-w- c:\program files (x86)\BOOTICE_0.9.EXE 2012-03-31 06:05 . 2012-05-10 04:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-10 04:21 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-10 04:21 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-10 04:21 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-10 04:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-17 07:58 . 2012-05-10 04:21 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-03-15 21:36 . 2012-03-15 21:41 1169224 ----a-w- c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe 2012-03-15 21:36 . 2012-02-24 17:20 1169224 ----a-w- c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995.exe 2011-12-04 16:41 . 2011-12-06 18:03 658944 ----a-w- c:\program files (x86)\Win7BootUpdater.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Spy Protector"="c:\program files (x86)\Security Task Manager\SpyProtector.exe" [2010-11-10 140616] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-2-26 98504] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\SecuniaPSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections 
service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\SecuniaPSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\SecuniaPSI\sua.exe [2011-10-14 399416] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MEIx64;Intel(R) Management Engine 
Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . Inhalt des "geplante Tasks" Ordners . 2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}] 2011-12-07 16:28 414720 ----a-w- c:\users\sandra\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:52444 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html LSP: mswsock.dll Trusted Zone: secunia.com TCP: DhcpNameServer = 80.237.176.196 FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\ FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.id - e016886c000000000000deaf78303f35 FF - user.js: extensions.BabylonToolbar_i.hardId - e016886c000000000000deaf78303f35 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: 
extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Witches' Legacy - The Charleston Curse CE V21.0 - c:\spiele\Witches Legacy - The Charleston Curse CE\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Launch Manager\LMutilps32.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-09 18:22:30 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-09 16:22 . Vor Suchlauf: 13 Verzeichnis(se), 392.722.391.040 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 392.340.054.016 Bytes frei . - - End Of File - - 5027AA4CB2AB7CFEF8374227E60107E9 Edited by poldikater (09.06.2012 at 17:39) Reason: Addendum |
09.06.2012, 17:40 | #15 | |
/// Selecta Jahrusso | Sirefef and others on Win7 64-bit Looks pretty good so far. Before we deal with the leftovers, I need a few more details. Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here. Please repeat these steps with the following file: c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe Scan with SystemLook: Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop. Download Mirror #1
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie Edited by Larusso (09.06.2012 at 17:47) |