Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Sirefef und weitere auf Win7 64-bit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.06.2012, 17:42   #1
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Liebe Community,
nach viel google und Suche in eurem board (wonach ich dann einige eurer tipps und tricks und anti-malware-Progs ausprobiert habe) muss ich euch leider doch "bemühen":
Ich hab einen acer Laptop mit Win7 64bit und allen updates.
Seit ein paar Tagen ist die Firewall offline und läßt sich nicht mehr aktivieren - Fehlercode 0x8007042c
Mein Securityprogramm ist MS Security Essentials, welche der Schädling auch deaktiviert hat. Ich mußte es neu installieren und bekomme nun ständig Benachrichtigungen über schwere Bedrohungen Sirefef, Alureon, Cybot.cfg). Removen nützt nichts, es kommt dieselbe Meldung wieder.
Mittlerweile habe ich MWB probiert, Kaspersky Security Disk (über boot-CD), Emsisoft und was weiß ich alles.
Die logfiles vom OTL hab ich euch angehängt.
- defogger bringt keine Fehlermeldung
ich habe keine Cracks oder sowas wissentlich runtergeladen, ich hoffe es findet sich nichts derartiges auf dem log.

Vielen Dank für eure Hilfe im voraus!

Alt 09.06.2012, 08:55   #2
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 09.06.2012, 11:24   #3
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Servus Daniel, vielen Dank für die schnelle Antwort!
Hier kommt mein logfile, gefunden hat das tool nichts.
Code:
ATTFilter
11:20:02.0679 3436	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:20:02.0944 3436	============================================================
11:20:02.0944 3436	Current date / time: 2012/06/09 11:20:02.0944
11:20:02.0944 3436	SystemInfo:
11:20:02.0944 3436	
11:20:02.0944 3436	OS Version: 6.1.7601 ServicePack: 1.0
11:20:02.0944 3436	Product type: Workstation
11:20:02.0944 3436	ComputerName: NOTEBOOK_SP
11:20:02.0944 3436	UserName: sandra
11:20:02.0944 3436	Windows directory: C:\Windows
11:20:02.0944 3436	System windows directory: C:\Windows
11:20:02.0944 3436	Running under WOW64
11:20:02.0944 3436	Processor architecture: Intel x64
11:20:02.0944 3436	Number of processors: 2
11:20:02.0944 3436	Page size: 0x1000
11:20:02.0944 3436	Boot type: Normal boot
11:20:02.0944 3436	============================================================
11:20:03.0568 3436	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:20:04.0098 3436	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:20:04.0114 3436	============================================================
11:20:04.0114 3436	\Device\Harddisk0\DR0:
11:20:04.0114 3436	MBR partitions:
11:20:04.0114 3436	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
11:20:04.0114 3436	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553830
11:20:04.0114 3436	\Device\Harddisk1\DR1:
11:20:04.0114 3436	MBR partitions:
11:20:04.0114 3436	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C41BF
11:20:04.0114 3436	============================================================
11:20:04.0145 3436	C: <-> \Device\Harddisk0\DR0\Partition1
11:20:04.0176 3436	E: <-> \Device\Harddisk1\DR1\Partition0
11:20:04.0176 3436	============================================================
11:20:04.0176 3436	Initialize success
11:20:04.0176 3436	============================================================
11:20:06.0641 4344	============================================================
11:20:06.0641 4344	Scan started
11:20:06.0641 4344	Mode: Manual; 
11:20:06.0641 4344	============================================================
11:20:07.0031 4344	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:20:07.0047 4344	1394ohci - ok
11:20:07.0093 4344	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:20:07.0109 4344	ACPI - ok
11:20:07.0125 4344	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:20:07.0125 4344	AcpiPmi - ok
11:20:07.0281 4344	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:07.0296 4344	AdobeFlashPlayerUpdateSvc - ok
11:20:07.0359 4344	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:20:07.0374 4344	adp94xx - ok
11:20:07.0437 4344	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:20:07.0452 4344	adpahci - ok
11:20:07.0483 4344	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:20:07.0483 4344	adpu320 - ok
11:20:07.0530 4344	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:20:07.0546 4344	AeLookupSvc - ok
11:20:07.0608 4344	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:20:07.0624 4344	AFD - ok
11:20:07.0671 4344	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:20:07.0686 4344	agp440 - ok
11:20:07.0733 4344	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:20:07.0733 4344	ALG - ok
11:20:07.0764 4344	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:20:07.0764 4344	aliide - ok
11:20:07.0780 4344	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:20:07.0780 4344	amdide - ok
11:20:07.0795 4344	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:20:07.0795 4344	AmdK8 - ok
11:20:07.0811 4344	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:20:07.0811 4344	AmdPPM - ok
11:20:07.0842 4344	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:20:07.0858 4344	amdsata - ok
11:20:07.0889 4344	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:20:07.0905 4344	amdsbs - ok
11:20:07.0920 4344	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:20:07.0920 4344	amdxata - ok
11:20:07.0951 4344	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:20:07.0951 4344	AppID - ok
11:20:07.0983 4344	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:20:07.0983 4344	AppIDSvc - ok
11:20:07.0998 4344	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:20:07.0998 4344	Appinfo - ok
11:20:08.0123 4344	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:08.0139 4344	Apple Mobile Device - ok
11:20:08.0170 4344	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:20:08.0170 4344	arc - ok
11:20:08.0201 4344	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:20:08.0217 4344	arcsas - ok
11:20:08.0341 4344	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:20:08.0341 4344	aspnet_state - ok
11:20:08.0373 4344	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:08.0373 4344	AsyncMac - ok
11:20:08.0419 4344	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:20:08.0419 4344	atapi - ok
11:20:08.0451 4344	AthBTPort       (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
11:20:08.0451 4344	AthBTPort - ok
11:20:08.0513 4344	AtherosSvc      (fbbe79d7445aa4494e069a0b91f9417b) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:20:08.0513 4344	AtherosSvc - ok
11:20:08.0653 4344	athr            (c8679a07267f030704168e45e27c3d43) C:\Windows\system32\DRIVERS\athrx.sys
11:20:08.0747 4344	athr - ok
11:20:08.0887 4344	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:08.0950 4344	AudioEndpointBuilder - ok
11:20:08.0965 4344	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:08.0965 4344	AudioSrv - ok
11:20:09.0012 4344	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:20:09.0012 4344	AxInstSV - ok
11:20:09.0106 4344	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:20:09.0121 4344	b06bdrv - ok
11:20:09.0184 4344	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:09.0199 4344	b57nd60a - ok
11:20:09.0231 4344	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:20:09.0246 4344	BDESVC - ok
11:20:09.0262 4344	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:20:09.0262 4344	Beep - ok
11:20:09.0340 4344	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:09.0387 4344	BFE - ok
11:20:09.0449 4344	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:20:09.0511 4344	BITS - ok
11:20:09.0589 4344	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:20:09.0605 4344	blbdrive - ok
11:20:09.0714 4344	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:09.0730 4344	Bonjour Service - ok
11:20:09.0777 4344	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:20:09.0777 4344	bowser - ok
11:20:09.0823 4344	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:20:09.0823 4344	BrFiltLo - ok
11:20:09.0823 4344	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:20:09.0823 4344	BrFiltUp - ok
11:20:09.0870 4344	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:20:09.0870 4344	Browser - ok
11:20:09.0901 4344	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:20:09.0933 4344	Brserid - ok
11:20:09.0933 4344	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:09.0933 4344	BrSerWdm - ok
11:20:09.0948 4344	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:09.0948 4344	BrUsbMdm - ok
11:20:09.0948 4344	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:09.0948 4344	BrUsbSer - ok
11:20:10.0011 4344	BTATH_A2DP      (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
11:20:10.0026 4344	BTATH_A2DP - ok
11:20:10.0073 4344	BTATH_BUS       (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
11:20:10.0089 4344	BTATH_BUS - ok
11:20:10.0120 4344	BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:20:10.0135 4344	BTATH_HCRP - ok
11:20:10.0167 4344	BTATH_LWFLT     (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:20:10.0167 4344	BTATH_LWFLT - ok
11:20:10.0182 4344	BTATH_RCP       (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
11:20:10.0198 4344	BTATH_RCP - ok
11:20:10.0245 4344	BtFilter        (ff8b065f96e4d9525aa7227299fbd05c) C:\Windows\system32\DRIVERS\btfilter.sys
11:20:10.0260 4344	BtFilter - ok
11:20:10.0307 4344	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:20:10.0307 4344	BthEnum - ok
11:20:10.0338 4344	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:20:10.0354 4344	BTHMODEM - ok
11:20:10.0385 4344	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:20:10.0385 4344	BthPan - ok
11:20:10.0447 4344	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:20:10.0463 4344	BTHPORT - ok
11:20:10.0525 4344	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:20:10.0525 4344	bthserv - ok
11:20:10.0557 4344	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:20:10.0557 4344	BTHUSB - ok
11:20:10.0603 4344	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:10.0603 4344	cdfs - ok
11:20:10.0635 4344	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:20:10.0650 4344	cdrom - ok
11:20:10.0697 4344	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:10.0697 4344	CertPropSvc - ok
11:20:10.0728 4344	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:20:10.0728 4344	circlass - ok
11:20:10.0775 4344	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:20:10.0791 4344	CLFS - ok
11:20:10.0869 4344	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:10.0869 4344	clr_optimization_v2.0.50727_32 - ok
11:20:10.0915 4344	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:10.0931 4344	clr_optimization_v2.0.50727_64 - ok
11:20:11.0056 4344	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:11.0056 4344	clr_optimization_v4.0.30319_32 - ok
11:20:11.0103 4344	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:11.0118 4344	clr_optimization_v4.0.30319_64 - ok
11:20:11.0149 4344	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:20:11.0149 4344	CmBatt - ok
11:20:11.0165 4344	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:20:11.0165 4344	cmdide - ok
11:20:11.0243 4344	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:20:11.0259 4344	CNG - ok
11:20:11.0290 4344	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:20:11.0290 4344	Compbatt - ok
11:20:11.0337 4344	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:20:11.0337 4344	CompositeBus - ok
11:20:11.0352 4344	COMSysApp - ok
11:20:11.0368 4344	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:20:11.0368 4344	crcdisk - ok
11:20:11.0430 4344	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:20:11.0446 4344	CryptSvc - ok
11:20:11.0493 4344	dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
11:20:11.0493 4344	dc3d - ok
11:20:11.0555 4344	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:11.0586 4344	DcomLaunch - ok
11:20:11.0649 4344	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:20:11.0664 4344	defragsvc - ok
11:20:11.0695 4344	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:20:11.0695 4344	DfsC - ok
11:20:11.0742 4344	dg_ssudbus      (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
11:20:11.0742 4344	dg_ssudbus - ok
11:20:11.0820 4344	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:11.0851 4344	Dhcp - ok
11:20:11.0883 4344	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:20:11.0883 4344	discache - ok
11:20:11.0914 4344	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:20:11.0914 4344	Disk - ok
11:20:11.0992 4344	Dnscache        (143d5e4f6b1c58774efca1bc7cebff2e) C:\Windows\System32\pouazns6k.dll
11:20:12.0023 4344	Dnscache - ok
11:20:12.0085 4344	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:20:12.0101 4344	dot3svc - ok
11:20:12.0132 4344	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:20:12.0132 4344	DPS - ok
11:20:12.0163 4344	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:20:12.0179 4344	drmkaud - ok
11:20:12.0273 4344	DsiWMIService   (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
11:20:12.0304 4344	DsiWMIService - ok
11:20:12.0382 4344	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:12.0429 4344	DXGKrnl - ok
11:20:12.0475 4344	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:20:12.0475 4344	EapHost - ok
11:20:12.0631 4344	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:20:12.0741 4344	ebdrv - ok
11:20:12.0850 4344	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:20:12.0865 4344	EFS - ok
11:20:12.0928 4344	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:20:12.0959 4344	ehRecvr - ok
11:20:12.0975 4344	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:20:12.0975 4344	ehSched - ok
11:20:13.0053 4344	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:20:13.0084 4344	elxstor - ok
11:20:13.0177 4344	ePowerSvc       (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
11:20:13.0224 4344	ePowerSvc - ok
11:20:13.0333 4344	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:20:13.0349 4344	ErrDev - ok
11:20:13.0396 4344	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:20:13.0427 4344	EventSystem - ok
11:20:13.0458 4344	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:20:13.0474 4344	exfat - ok
11:20:13.0521 4344	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:20:13.0536 4344	fastfat - ok
11:20:13.0599 4344	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:20:13.0645 4344	Fax - ok
11:20:13.0661 4344	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:20:13.0661 4344	fdc - ok
11:20:13.0677 4344	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:20:13.0692 4344	fdPHost - ok
11:20:13.0708 4344	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:20:13.0708 4344	FDResPub - ok
11:20:13.0755 4344	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:20:13.0755 4344	FileInfo - ok
11:20:13.0770 4344	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:20:13.0770 4344	Filetrace - ok
11:20:13.0895 4344	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:20:13.0911 4344	FLEXnet Licensing Service - ok
11:20:13.0957 4344	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:20:13.0957 4344	flpydisk - ok
11:20:13.0989 4344	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:20:13.0989 4344	FltMgr - ok
11:20:14.0051 4344	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:20:14.0098 4344	FontCache - ok
11:20:14.0160 4344	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:14.0160 4344	FontCache3.0.0.0 - ok
11:20:14.0207 4344	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:20:14.0207 4344	FsDepends - ok
11:20:14.0254 4344	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:20:14.0254 4344	Fs_Rec - ok
11:20:14.0301 4344	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:20:14.0301 4344	fvevol - ok
11:20:14.0347 4344	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:20:14.0347 4344	gagp30kx - ok
11:20:14.0394 4344	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:14.0394 4344	GEARAspiWDM - ok
11:20:14.0457 4344	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:20:14.0503 4344	gpsvc - ok
11:20:14.0581 4344	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
11:20:14.0581 4344	GREGService - ok
11:20:14.0628 4344	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:20:14.0628 4344	gusvc - ok
11:20:14.0675 4344	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:20:14.0675 4344	hcw85cir - ok
11:20:14.0722 4344	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:20:14.0753 4344	HdAudAddService - ok
11:20:14.0784 4344	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:20:14.0800 4344	HDAudBus - ok
11:20:14.0800 4344	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:20:14.0800 4344	HidBatt - ok
11:20:14.0815 4344	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:20:14.0815 4344	HidBth - ok
11:20:14.0847 4344	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:20:14.0847 4344	HidIr - ok
11:20:14.0878 4344	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:20:14.0893 4344	hidserv - ok
11:20:14.0909 4344	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:20:14.0909 4344	HidUsb - ok
11:20:14.0925 4344	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:20:14.0925 4344	hkmsvc - ok
11:20:14.0956 4344	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:20:14.0956 4344	HomeGroupListener - ok
11:20:14.0987 4344	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:20:15.0003 4344	HomeGroupProvider - ok
11:20:15.0034 4344	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:20:15.0034 4344	HpSAMD - ok
11:20:15.0081 4344	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:20:15.0112 4344	HTTP - ok
11:20:15.0127 4344	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:20:15.0127 4344	hwpolicy - ok
11:20:15.0143 4344	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:20:15.0159 4344	i8042prt - ok
11:20:15.0205 4344	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
11:20:15.0221 4344	iaStor - ok
11:20:15.0283 4344	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:20:15.0315 4344	iaStorV - ok
11:20:15.0424 4344	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:15.0455 4344	idsvc - ok
11:20:15.0954 4344	igfx            (553228e67639f52c9bd86362c0c64f85) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:20:16.0235 4344	igfx - ok
11:20:16.0344 4344	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:20:16.0344 4344	iirsp - ok
11:20:16.0407 4344	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:20:16.0485 4344	IKEEXT - ok
11:20:16.0641 4344	IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\Windows\system32\drivers\RTKVHD64.sys
11:20:16.0734 4344	IntcAzAudAddService - ok
11:20:16.0875 4344	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:20:16.0890 4344	IntcDAud - ok
11:20:16.0906 4344	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:20:16.0921 4344	intelide - ok
11:20:16.0953 4344	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:20:16.0953 4344	intelppm - ok
11:20:16.0984 4344	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:20:16.0984 4344	IPBusEnum - ok
11:20:16.0999 4344	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:17.0031 4344	IpFilterDriver - ok
11:20:17.0031 4344	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:20:17.0046 4344	IPMIDRV - ok
11:20:17.0077 4344	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:20:17.0077 4344	IPNAT - ok
11:20:17.0218 4344	iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
11:20:17.0265 4344	iPod Service - ok
11:20:17.0296 4344	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:20:17.0296 4344	IRENUM - ok
11:20:17.0327 4344	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:20:17.0327 4344	isapnp - ok
11:20:17.0343 4344	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:20:17.0374 4344	iScsiPrt - ok
11:20:17.0405 4344	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:20:17.0405 4344	kbdclass - ok
11:20:17.0421 4344	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:20:17.0421 4344	kbdhid - ok
11:20:17.0483 4344	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:17.0483 4344	KeyIso - ok
11:20:17.0514 4344	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:20:17.0514 4344	KSecDD - ok
11:20:17.0530 4344	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:20:17.0545 4344	KSecPkg - ok
11:20:17.0577 4344	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:20:17.0577 4344	ksthunk - ok
11:20:17.0639 4344	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:20:17.0655 4344	KtmRm - ok
11:20:17.0686 4344	L1C             (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys
11:20:17.0701 4344	L1C - ok
11:20:17.0748 4344	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:20:17.0764 4344	LanmanServer - ok
11:20:17.0795 4344	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:20:17.0811 4344	LanmanWorkstation - ok
11:20:17.0873 4344	Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
11:20:17.0889 4344	Live Updater Service - ok
11:20:17.0935 4344	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:20:17.0935 4344	lltdio - ok
11:20:17.0998 4344	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:20:18.0013 4344	lltdsvc - ok
11:20:18.0029 4344	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:20:18.0045 4344	lmhosts - ok
11:20:18.0138 4344	LMS             (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:20:18.0154 4344	LMS - ok
11:20:18.0185 4344	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:20:18.0201 4344	LSI_FC - ok
11:20:18.0232 4344	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:20:18.0232 4344	LSI_SAS - ok
11:20:18.0247 4344	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:20:18.0247 4344	LSI_SAS2 - ok
11:20:18.0294 4344	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:20:18.0310 4344	LSI_SCSI - ok
11:20:18.0341 4344	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:20:18.0341 4344	luafv - ok
11:20:18.0403 4344	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:20:18.0403 4344	MBAMProtector - ok
11:20:18.0481 4344	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:20:18.0528 4344	MBAMService - ok
11:20:18.0575 4344	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:20:18.0575 4344	Mcx2Svc - ok
11:20:18.0622 4344	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:20:18.0622 4344	megasas - ok
11:20:18.0669 4344	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:20:18.0684 4344	MegaSR - ok
11:20:18.0731 4344	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:20:18.0731 4344	MEIx64 - ok
11:20:18.0762 4344	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:20:18.0762 4344	MMCSS - ok
11:20:18.0793 4344	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:20:18.0793 4344	Modem - ok
11:20:18.0825 4344	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:20:18.0825 4344	monitor - ok
11:20:18.0856 4344	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:20:18.0856 4344	mouclass - ok
11:20:18.0871 4344	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:20:18.0871 4344	mouhid - ok
11:20:18.0918 4344	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:20:18.0918 4344	mountmgr - ok
11:20:19.0027 4344	MozillaMaintenance (d9378fedbdb9895444ca07c761136106) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:20:19.0027 4344	MozillaMaintenance - ok
11:20:19.0105 4344	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
11:20:19.0105 4344	MpFilter - ok
11:20:19.0152 4344	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:20:19.0168 4344	mpio - ok
11:20:19.0183 4344	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:20:19.0183 4344	mpsdrv - ok
11:20:19.0293 4344	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:20:19.0355 4344	MpsSvc - ok
11:20:19.0371 4344	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:20:19.0386 4344	MRxDAV - ok
11:20:19.0417 4344	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:20:19.0417 4344	mrxsmb - ok
11:20:19.0449 4344	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:20:19.0464 4344	mrxsmb10 - ok
11:20:19.0495 4344	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:20:19.0495 4344	mrxsmb20 - ok
11:20:19.0527 4344	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:20:19.0527 4344	msahci - ok
11:20:19.0542 4344	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:20:19.0558 4344	msdsm - ok
11:20:19.0589 4344	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:20:19.0605 4344	MSDTC - ok
11:20:19.0620 4344	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:20:19.0620 4344	Msfs - ok
11:20:19.0636 4344	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:20:19.0651 4344	mshidkmdf - ok
11:20:19.0651 4344	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:20:19.0651 4344	msisadrv - ok
11:20:19.0683 4344	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:20:19.0683 4344	MSiSCSI - ok
11:20:19.0683 4344	msiserver - ok
11:20:19.0729 4344	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:20:19.0729 4344	MSKSSRV - ok
11:20:19.0839 4344	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:20:19.0839 4344	MsMpSvc - ok
11:20:19.0839 4344	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:20:19.0854 4344	MSPCLOCK - ok
11:20:19.0854 4344	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:20:19.0854 4344	MSPQM - ok
11:20:19.0901 4344	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:20:19.0932 4344	MsRPC - ok
11:20:19.0948 4344	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:20:19.0948 4344	mssmbios - ok
11:20:19.0963 4344	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:20:19.0963 4344	MSTEE - ok
11:20:19.0979 4344	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:20:19.0979 4344	MTConfig - ok
11:20:19.0995 4344	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:20:19.0995 4344	Mup - ok
11:20:20.0057 4344	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:20:20.0073 4344	napagent - ok
11:20:20.0135 4344	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:20:20.0151 4344	NativeWifiP - ok
11:20:20.0229 4344	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:20:20.0291 4344	NDIS - ok
11:20:20.0322 4344	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:20:20.0322 4344	NdisCap - ok
11:20:20.0353 4344	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:20:20.0353 4344	NdisTapi - ok
11:20:20.0369 4344	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:20:20.0369 4344	Ndisuio - ok
11:20:20.0400 4344	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:20:20.0400 4344	NdisWan - ok
11:20:20.0416 4344	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:20:20.0416 4344	NDProxy - ok
11:20:20.0447 4344	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:20:20.0447 4344	NetBIOS - ok
11:20:20.0478 4344	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:20:20.0494 4344	NetBT - ok
11:20:20.0556 4344	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:20.0556 4344	Netlogon - ok
11:20:20.0603 4344	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:20:20.0634 4344	Netman - ok
11:20:20.0759 4344	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:20.0775 4344	NetMsmqActivator - ok
11:20:20.0790 4344	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:20.0790 4344	NetPipeActivator - ok
11:20:20.0853 4344	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:20:20.0884 4344	netprofm - ok
11:20:20.0899 4344	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:20.0899 4344	NetTcpActivator - ok
11:20:20.0899 4344	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:20.0899 4344	NetTcpPortSharing - ok
11:20:20.0962 4344	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:20:20.0962 4344	nfrd960 - ok
11:20:21.0009 4344	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:20:21.0024 4344	NisDrv - ok
11:20:21.0149 4344	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
11:20:21.0180 4344	NisSrv - ok
11:20:21.0243 4344	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:20:21.0274 4344	NlaSvc - ok
11:20:21.0274 4344	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:20:21.0274 4344	Npfs - ok
11:20:21.0305 4344	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:20:21.0305 4344	nsi - ok
11:20:21.0321 4344	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:20:21.0321 4344	nsiproxy - ok
11:20:21.0445 4344	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:20:21.0492 4344	Ntfs - ok
11:20:21.0617 4344	NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
11:20:21.0617 4344	NTI IScheduleSvc - ok
11:20:21.0742 4344	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
11:20:21.0757 4344	NTIDrvr - ok
11:20:21.0773 4344	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:20:21.0773 4344	Null - ok
11:20:21.0820 4344	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:20:21.0820 4344	nvraid - ok
11:20:21.0835 4344	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:20:21.0851 4344	nvstor - ok
11:20:21.0867 4344	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:20:21.0867 4344	nv_agp - ok
11:20:21.0991 4344	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:20:22.0007 4344	odserv - ok
11:20:22.0038 4344	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:20:22.0038 4344	ohci1394 - ok
11:20:22.0085 4344	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:20:22.0101 4344	ose - ok
11:20:22.0147 4344	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:20:22.0163 4344	p2pimsvc - ok
11:20:22.0225 4344	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:20:22.0241 4344	p2psvc - ok
11:20:22.0288 4344	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:20:22.0288 4344	Parport - ok
11:20:22.0335 4344	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:20:22.0350 4344	partmgr - ok
11:20:22.0366 4344	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:20:22.0381 4344	PcaSvc - ok
11:20:22.0413 4344	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:20:22.0428 4344	pci - ok
11:20:22.0459 4344	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:20:22.0459 4344	pciide - ok
11:20:22.0491 4344	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:20:22.0506 4344	pcmcia - ok
11:20:22.0537 4344	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:20:22.0537 4344	pcw - ok
11:20:22.0584 4344	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:20:22.0631 4344	PEAUTH - ok
11:20:22.0709 4344	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:20:22.0709 4344	PerfHost - ok
11:20:22.0771 4344	pjdcoemi        (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\pjdcoemi.sys
11:20:22.0803 4344	pjdcoemi - ok
11:20:22.0881 4344	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:20:22.0943 4344	pla - ok
11:20:22.0990 4344	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:20:23.0005 4344	PlugPlay - ok
11:20:23.0021 4344	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:20:23.0021 4344	PNRPAutoReg - ok
11:20:23.0068 4344	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:20:23.0068 4344	PNRPsvc - ok
11:20:23.0161 4344	Point64         (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:20:23.0161 4344	Point64 - ok
11:20:23.0224 4344	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:20:23.0255 4344	PolicyAgent - ok
11:20:23.0302 4344	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:20:23.0317 4344	Power - ok
11:20:23.0349 4344	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:20:23.0349 4344	PptpMiniport - ok
11:20:23.0364 4344	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:20:23.0380 4344	Processor - ok
11:20:23.0427 4344	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:20:23.0442 4344	ProfSvc - ok
11:20:23.0489 4344	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:23.0489 4344	ProtectedStorage - ok
11:20:23.0536 4344	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:20:23.0536 4344	Psched - ok
11:20:23.0567 4344	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
11:20:23.0567 4344	PSI - ok
11:20:23.0661 4344	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:20:23.0707 4344	ql2300 - ok
11:20:23.0817 4344	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:20:23.0817 4344	ql40xx - ok
11:20:23.0863 4344	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:20:23.0895 4344	QWAVE - ok
11:20:23.0910 4344	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:20:23.0910 4344	QWAVEdrv - ok
11:20:23.0926 4344	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:20:23.0926 4344	RasAcd - ok
11:20:23.0973 4344	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:20:23.0973 4344	RasAgileVpn - ok
11:20:24.0004 4344	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:20:24.0004 4344	RasAuto - ok
11:20:24.0035 4344	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:20:24.0035 4344	Rasl2tp - ok
11:20:24.0066 4344	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:20:24.0097 4344	RasMan - ok
11:20:24.0113 4344	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:20:24.0113 4344	RasPppoe - ok
11:20:24.0144 4344	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:20:24.0144 4344	RasSstp - ok
11:20:24.0175 4344	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:20:24.0191 4344	rdbss - ok
11:20:24.0207 4344	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:20:24.0207 4344	rdpbus - ok
11:20:24.0238 4344	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:20:24.0238 4344	RDPCDD - ok
11:20:24.0269 4344	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:20:24.0269 4344	RDPENCDD - ok
11:20:24.0285 4344	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:20:24.0285 4344	RDPREFMP - ok
11:20:24.0331 4344	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:20:24.0347 4344	RDPWD - ok
11:20:24.0378 4344	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:20:24.0394 4344	rdyboost - ok
11:20:24.0441 4344	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:20:24.0456 4344	RemoteAccess - ok
11:20:24.0472 4344	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:20:24.0503 4344	RemoteRegistry - ok
11:20:24.0534 4344	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:20:24.0550 4344	RFCOMM - ok
11:20:24.0565 4344	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:20:24.0565 4344	RpcEptMapper - ok
11:20:24.0597 4344	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:20:24.0612 4344	RpcLocator - ok
11:20:24.0643 4344	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:24.0659 4344	RpcSs - ok
11:20:24.0753 4344	RSPCIESTOR      (85b325723f67ef80927326fd7eb1cc10) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:20:24.0768 4344	RSPCIESTOR - ok
11:20:24.0815 4344	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:20:24.0815 4344	rspndr - ok
11:20:24.0862 4344	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:24.0862 4344	SamSs - ok
11:20:24.0893 4344	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:20:24.0893 4344	sbp2port - ok
11:20:24.0940 4344	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:20:24.0955 4344	SCardSvr - ok
11:20:24.0971 4344	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:20:24.0971 4344	scfilter - ok
11:20:25.0049 4344	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:20:25.0111 4344	Schedule - ok
11:20:25.0143 4344	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:25.0143 4344	SCPolicySvc - ok
11:20:25.0158 4344	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:20:25.0189 4344	SDRSVC - ok
11:20:25.0252 4344	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:20:25.0252 4344	secdrv - ok
11:20:25.0283 4344	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:20:25.0299 4344	seclogon - ok
11:20:25.0423 4344	Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\SecuniaPSI\PSIA.exe
11:20:25.0470 4344	Secunia PSI Agent - ok
11:20:25.0533 4344	Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\SecuniaPSI\sua.exe
11:20:25.0548 4344	Secunia Update Agent - ok
11:20:25.0657 4344	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:20:25.0657 4344	SENS - ok
11:20:25.0689 4344	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:20:25.0689 4344	SensrSvc - ok
11:20:25.0735 4344	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:20:25.0735 4344	Serenum - ok
11:20:25.0767 4344	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:20:25.0767 4344	Serial - ok
11:20:25.0782 4344	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:20:25.0782 4344	sermouse - ok
11:20:25.0845 4344	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:20:25.0860 4344	SessionEnv - ok
11:20:25.0876 4344	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:20:25.0891 4344	sffdisk - ok
11:20:25.0907 4344	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:20:25.0907 4344	sffp_mmc - ok
11:20:25.0907 4344	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:20:25.0923 4344	sffp_sd - ok
11:20:25.0923 4344	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:20:25.0923 4344	sfloppy - ok
11:20:25.0969 4344	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:20:25.0985 4344	ShellHWDetection - ok
11:20:26.0001 4344	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:20:26.0001 4344	SiSRaid2 - ok
11:20:26.0032 4344	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:20:26.0032 4344	SiSRaid4 - ok
11:20:26.0047 4344	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:20:26.0047 4344	Smb - ok
11:20:26.0094 4344	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:20:26.0094 4344	SNMPTRAP - ok
11:20:26.0110 4344	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:20:26.0110 4344	spldr - ok
11:20:26.0157 4344	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:20:26.0188 4344	Spooler - ok
11:20:26.0359 4344	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:20:26.0453 4344	sppsvc - ok
11:20:26.0547 4344	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:20:26.0562 4344	sppuinotify - ok
11:20:26.0640 4344	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:20:26.0656 4344	srv - ok
11:20:26.0703 4344	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:20:26.0718 4344	srv2 - ok
11:20:26.0749 4344	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:20:26.0749 4344	srvnet - ok
11:20:26.0812 4344	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:20:26.0827 4344	SSDPSRV - ok
11:20:26.0843 4344	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:20:26.0843 4344	SstpSvc - ok
11:20:26.0921 4344	ssudmdm         (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
11:20:26.0937 4344	ssudmdm - ok
11:20:26.0968 4344	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:20:26.0968 4344	stexstor - ok
11:20:27.0046 4344	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:20:27.0093 4344	stisvc - ok
11:20:27.0108 4344	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:20:27.0108 4344	swenum - ok
11:20:27.0171 4344	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:20:27.0202 4344	swprv - ok
11:20:27.0327 4344	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
11:20:27.0389 4344	SynTP - ok
11:20:27.0592 4344	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:20:27.0670 4344	SysMain - ok
11:20:27.0826 4344	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:20:27.0826 4344	TabletInputService - ok
11:20:27.0873 4344	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:20:27.0888 4344	TapiSrv - ok
11:20:27.0904 4344	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:20:27.0919 4344	TBS - ok
11:20:28.0091 4344	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:20:28.0169 4344	Tcpip - ok
11:20:28.0403 4344	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:20:28.0419 4344	TCPIP6 - ok
11:20:28.0543 4344	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:20:28.0543 4344	tcpipreg - ok
11:20:28.0559 4344	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:20:28.0559 4344	TDPIPE - ok
11:20:28.0590 4344	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:20:28.0606 4344	TDTCP - ok
11:20:28.0637 4344	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:20:28.0637 4344	tdx - ok
11:20:28.0855 4344	TeamViewer7     (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:20:28.0949 4344	TeamViewer7 - ok
11:20:29.0058 4344	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:20:29.0058 4344	TermDD - ok
11:20:29.0136 4344	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:20:29.0167 4344	TermService - ok
11:20:29.0199 4344	Themes          (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
11:20:29.0245 4344	Themes - ok
11:20:29.0277 4344	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:20:29.0277 4344	THREADORDER - ok
11:20:29.0339 4344	totrsdiy        (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\totrsdiy.sys
11:20:29.0370 4344	totrsdiy - ok
11:20:29.0401 4344	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:20:29.0401 4344	TrkWks - ok
11:20:29.0464 4344	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:20:29.0479 4344	TrustedInstaller - ok
11:20:29.0495 4344	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:20:29.0511 4344	tssecsrv - ok
11:20:29.0542 4344	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:20:29.0542 4344	TsUsbFlt - ok
11:20:29.0557 4344	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:20:29.0573 4344	TsUsbGD - ok
11:20:29.0604 4344	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:20:29.0604 4344	tunnel - ok
11:20:29.0620 4344	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:20:29.0635 4344	uagp35 - ok
11:20:29.0682 4344	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
11:20:29.0682 4344	UBHelper - ok
11:20:29.0729 4344	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:20:29.0745 4344	udfs - ok
11:20:29.0776 4344	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:20:29.0776 4344	UI0Detect - ok
11:20:29.0791 4344	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:20:29.0791 4344	uliagpkx - ok
11:20:29.0823 4344	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:20:29.0823 4344	umbus - ok
11:20:29.0838 4344	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:20:29.0838 4344	UmPass - ok
11:20:29.0916 4344	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
11:20:29.0916 4344	UnlockerDriver5 - ok
11:20:30.0119 4344	UNS             (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:20:30.0213 4344	UNS - ok
11:20:30.0306 4344	Update-Service - ok
11:20:30.0353 4344	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:20:30.0384 4344	upnphost - ok
11:20:30.0431 4344	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:20:30.0431 4344	usbccgp - ok
11:20:30.0462 4344	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:20:30.0478 4344	usbcir - ok
11:20:30.0509 4344	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:20:30.0509 4344	usbehci - ok
11:20:30.0556 4344	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:20:30.0587 4344	usbhub - ok
11:20:30.0603 4344	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:20:30.0603 4344	usbohci - ok
11:20:30.0634 4344	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:20:30.0634 4344	usbprint - ok
11:20:30.0665 4344	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:20:30.0665 4344	usbscan - ok
11:20:30.0696 4344	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:20:30.0696 4344	USBSTOR - ok
11:20:30.0727 4344	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:20:30.0727 4344	usbuhci - ok
11:20:30.0759 4344	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:20:30.0759 4344	usbvideo - ok
11:20:30.0805 4344	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
11:20:30.0805 4344	usb_rndisx - ok
11:20:30.0821 4344	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:20:30.0837 4344	UxSms - ok
11:20:30.0883 4344	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:30.0883 4344	VaultSvc - ok
11:20:30.0961 4344	VBoxDrv         (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
11:20:30.0977 4344	VBoxDrv - ok
11:20:31.0008 4344	VBoxNetAdp      (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:20:31.0024 4344	VBoxNetAdp - ok
11:20:31.0039 4344	VBoxNetFlt      (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
11:20:31.0039 4344	VBoxNetFlt - ok
11:20:31.0071 4344	VBoxUSBMon      (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
11:20:31.0071 4344	VBoxUSBMon - ok
11:20:31.0086 4344	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:20:31.0086 4344	vdrvroot - ok
11:20:31.0149 4344	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:20:31.0180 4344	vds - ok
11:20:31.0211 4344	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:20:31.0211 4344	vga - ok
11:20:31.0242 4344	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:20:31.0242 4344	VgaSave - ok
11:20:31.0273 4344	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:20:31.0289 4344	vhdmp - ok
11:20:31.0305 4344	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:20:31.0305 4344	viaide - ok
11:20:31.0336 4344	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:20:31.0336 4344	volmgr - ok
11:20:31.0367 4344	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:20:31.0383 4344	volmgrx - ok
11:20:31.0398 4344	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:20:31.0414 4344	volsnap - ok
11:20:31.0445 4344	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:20:31.0461 4344	vsmraid - ok
11:20:31.0554 4344	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:20:31.0601 4344	VSS - ok
11:20:31.0710 4344	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:20:31.0710 4344	vwifibus - ok
11:20:31.0741 4344	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:20:31.0741 4344	vwififlt - ok
11:20:31.0788 4344	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:20:31.0788 4344	vwifimp - ok
11:20:31.0851 4344	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:20:31.0882 4344	W32Time - ok
11:20:31.0913 4344	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:20:31.0913 4344	WacomPen - ok
11:20:31.0929 4344	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:31.0944 4344	WANARP - ok
11:20:31.0960 4344	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:20:31.0960 4344	Wanarpv6 - ok
11:20:32.0053 4344	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:20:32.0116 4344	WatAdminSvc - ok
11:20:32.0209 4344	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:20:32.0272 4344	wbengine - ok
11:20:32.0365 4344	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:20:32.0381 4344	WbioSrvc - ok
11:20:32.0412 4344	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:20:32.0428 4344	wcncsvc - ok
11:20:32.0443 4344	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:20:32.0459 4344	WcsPlugInService - ok
11:20:32.0490 4344	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:20:32.0490 4344	Wd - ok
11:20:32.0537 4344	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:20:32.0568 4344	Wdf01000 - ok
11:20:32.0584 4344	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:20:32.0584 4344	WdiServiceHost - ok
11:20:32.0599 4344	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:20:32.0599 4344	WdiSystemHost - ok
11:20:32.0646 4344	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:20:32.0662 4344	WebClient - ok
11:20:32.0693 4344	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:20:32.0709 4344	Wecsvc - ok
11:20:32.0724 4344	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:20:32.0724 4344	wercplsupport - ok
11:20:32.0771 4344	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:20:32.0771 4344	WerSvc - ok
11:20:32.0849 4344	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:20:32.0849 4344	WfpLwf - ok
11:20:32.0865 4344	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:20:32.0865 4344	WIMMount - ok
11:20:32.0880 4344	WinHttpAutoProxySvc - ok
11:20:32.0943 4344	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:20:32.0958 4344	Winmgmt - ok
11:20:33.0083 4344	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:20:33.0130 4344	WinRM - ok
11:20:33.0255 4344	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:20:33.0270 4344	WinUsb - ok
11:20:33.0348 4344	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:20:33.0379 4344	Wlansvc - ok
11:20:33.0473 4344	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:20:33.0473 4344	wlcrasvc - ok
11:20:33.0629 4344	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:20:33.0691 4344	wlidsvc - ok
11:20:33.0801 4344	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:20:33.0816 4344	WmiAcpi - ok
11:20:33.0879 4344	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:20:33.0894 4344	wmiApSrv - ok
11:20:33.0957 4344	WMPNetworkSvc - ok
11:20:33.0988 4344	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:20:33.0988 4344	WPCSvc - ok
11:20:34.0019 4344	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:20:34.0019 4344	WPDBusEnum - ok
11:20:34.0050 4344	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:20:34.0050 4344	ws2ifsl - ok
11:20:34.0050 4344	WSearch - ok
11:20:34.0191 4344	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:20:34.0269 4344	wuauserv - ok
11:20:34.0378 4344	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:20:34.0393 4344	WudfPf - ok
11:20:34.0425 4344	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:20:34.0440 4344	WUDFRd - ok
11:20:34.0487 4344	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:20:34.0503 4344	wudfsvc - ok
11:20:34.0534 4344	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:20:34.0549 4344	WwanSvc - ok
11:20:34.0659 4344	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:20:34.0830 4344	\Device\Harddisk0\DR0 - ok
11:20:35.0205 4344	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:20:35.0314 4344	\Device\Harddisk1\DR1 - ok
11:20:35.0329 4344	Boot (0x1200)   (ac5db4b66a4c509054b8a7ed6df0c99c) \Device\Harddisk0\DR0\Partition0
11:20:35.0329 4344	\Device\Harddisk0\DR0\Partition0 - ok
11:20:35.0361 4344	Boot (0x1200)   (64f51fccd4f72a0dd2e4450eb4fbc777) \Device\Harddisk0\DR0\Partition1
11:20:35.0361 4344	\Device\Harddisk0\DR0\Partition1 - ok
11:20:35.0361 4344	Boot (0x1200)   (d14a14fbc7a4ca1d38c81792d916a205) \Device\Harddisk1\DR1\Partition0
11:20:35.0376 4344	\Device\Harddisk1\DR1\Partition0 - ok
11:20:35.0376 4344	============================================================
11:20:35.0376 4344	Scan finished
11:20:35.0376 4344	============================================================
11:20:35.0376 4792	Detected object count: 0
11:20:35.0376 4792	Actual detected object count: 0
11:20:44.0300 2652	Deinitialize success
         
Liebe Grüße
Sandra
__________________

Alt 09.06.2012, 11:32   #4
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



[code]
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 11:33   #5
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 12:30   #6
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Hi,
combofix hat keine Meldungen gebracht, dafür meinen Desktop zerschossen (schwarzer Bildschirm) - hab dann neu gestartet, dann ist alles was ich gestartet habe, eingefroren, jetzt läuft alles wieder normal (meine Security Progs sind noch alle deaktiviert)
combofix hat weder unter C:\ noch am Desktop eine logdatei angelegt.
LG

Alt 09.06.2012, 12:32   #7
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Gehe in den abgesicherten Modus (Link bitte unbedingt anklicken & lesen!) von windows
  • Starte den Rechner neu auf.
  • Sobald du den Rechner das erste mal piepen hörst, drücke die F8 Taste. ( Dies kann von System zu System variieren )
  • Windows wird dir ein Auswahlmenu geben anstatt sich normal zu starten.
  • Wähle hier Abgesicherter Modus und drücke Enter.



Starte bitte Combofix erneut
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 14:09   #8
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Hallo, leider noch immer keine log-Datei, die so heißt. Dafür kommt mir mein Rechner sehr schnell vor *g*
Combofix öffnet eine art bash-Fenster, da läuft dann ein scan durch, dann schließt sich das programm, ohne dass ich was bestätigen muss, und leider keine log-Datei.
Ich glaub ich steig wieder auf Linux um

Alt 09.06.2012, 15:17   #9
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Hy.

Sieh mal bitte unter C:\Qoobox nach, ob da eine Combofix.txt ist
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 15:49   #10
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Das Verzeichnis gibts leider nicht - ich hab auch schon das LW durchsucht nach der Datei...

Alt 09.06.2012, 15:58   #11
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Na dann müssen wir anders ran.
Scheint die neue Version zu sein.


Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 16:25   #12
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Servus Daniel - hier der log:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 09-06-2012 16:19:04
Running from H:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: German Standard 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-12-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-12-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2010-12-29] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [2186856 2011-01-09] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart [140616 2010-11-09] (Neuber Software - www.neuber.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.237.176.196
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\SecuniaPSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations)
2 Dnscache; C:\Windows\System32\pouazns6k.dll [354304 2012-06-02] (Parental Solutions Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352336 2011-03-14] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
2 Secunia PSI Agent; "C:\Program Files (x86)\SecuniaPSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\SecuniaPSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 Update-Service; C:\Windows\SysWow64\UpdSvc.dll [114000 2011-12-06] (Joosoft.com GmbH)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-01-20] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2011-01-20] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-01-20] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-01-20] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-01-20] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-01-20] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279200 2011-01-20] (Atheros)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST
2012-06-09 06:13 - 2012-06-09 06:14 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe
2012-06-09 05:55 - 2012-06-09 06:07 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar
2012-06-09 03:54 - 2012-06-09 04:00 - 00269820 ____A C:\Windows\ntbtlog.txt
2012-06-09 02:15 - 2012-06-09 03:56 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe
2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt
2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe
2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip
2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt
2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt
2012-06-08 07:30 - 2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe
2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log
2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable
2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe
2012-06-07 11:15 - 2012-06-09 02:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-06-07 11:15 - 2012-06-08 07:44 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware
2012-06-07 09:43 - 2012-06-07 09:45 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn
2012-06-07 09:32 - 2012-06-07 09:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 08:37 - 2012-06-07 08:40 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-05 08:34 - 2012-06-08 10:01 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3
2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia
2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight
2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk
2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049
2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) C:\Windows\System32\pouazns6k.dll
2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt
2012-05-19 02:12 - 2012-05-22 12:23 - 00000000 ____D C:\Users\sandra\Desktop\tmp
2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 05:21 - 2012-06-09 04:01 - 00003454 ____A C:\Windows\setupact.log
2012-05-17 05:21 - 2012-06-09 03:54 - 00035716 ____A C:\Windows\PFRO.log
2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log
2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

============ 3 Months Modified Files and Folders =============

2012-06-09 16:19 - 2012-06-09 16:19 - 00000000 ____D C:\FRST
2012-06-09 06:15 - 2011-07-08 00:57 - 01486038 ____A C:\Windows\WindowsUpdate.log
2012-06-09 06:14 - 2012-06-09 06:13 - 01399435 ____A C:\Users\sandra\Downloads\FRST64.exe
2012-06-09 06:12 - 2011-07-08 10:48 - 00702508 ____A C:\Windows\System32\perfh007.dat
2012-06-09 06:12 - 2011-07-08 10:48 - 00150172 ____A C:\Windows\System32\perfc007.dat
2012-06-09 06:12 - 2009-07-13 21:13 - 01627732 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 06:10 - 2011-12-06 09:32 - 00000000 ____D C:\Users\sandra\AppData\Roaming\BitTorrent
2012-06-09 06:07 - 2012-06-09 05:55 - 673229715 ____A C:\Users\sandra\Downloads\Secrets of the Dark 2 Eclipse Mountain CE.rar
2012-06-09 05:42 - 2012-03-30 05:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 04:08 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 04:01 - 2012-05-17 05:21 - 00003454 ____A C:\Windows\setupact.log
2012-06-09 04:01 - 2011-12-06 05:22 - 00000000 ____D C:\Users\All Users\clear.fi
2012-06-09 04:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 04:00 - 2012-06-09 03:54 - 00269820 ____A C:\Windows\ntbtlog.txt
2012-06-09 03:56 - 2012-06-09 02:15 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 03:54 - 2012-05-17 05:21 - 00035716 ____A C:\Windows\PFRO.log
2012-06-09 02:20 - 2012-03-21 22:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-09 02:20 - 2009-07-13 21:08 - 00020246 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 02:12 - 2011-12-06 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-09 02:10 - 2012-06-07 11:15 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-06-09 02:09 - 2011-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\SecuniaPSI
2012-06-09 02:07 - 2012-06-09 02:07 - 04538510 ____R (Swearware) C:\Users\sandra\Desktop\ComboFix.exe
2012-06-09 01:20 - 2012-06-09 01:20 - 00133168 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_11.20.02_log.txt
2012-06-09 01:18 - 2012-06-09 01:18 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\sandra\Desktop\tdsskiller.exe
2012-06-08 10:01 - 2012-06-05 08:34 - 00000000 ____D C:\Users\sandra\AppData\Roaming\TOMI3
2012-06-08 08:53 - 2012-06-08 08:53 - 00002006 ____A C:\Users\sandra\Desktop\Rite of Passage - The Perfect Show Collector's Edition.lnk
2012-06-08 08:51 - 2011-12-06 13:38 - 00000000 ____D C:\Spiele
2012-06-08 07:44 - 2012-06-07 11:15 - 00000000 ____D C:\Users\sandra\Documents\Anti-Malware
2012-06-08 07:38 - 2012-06-08 07:38 - 00034934 ____A C:\Users\sandra\Downloads\OTL.zip
2012-06-08 07:35 - 2012-06-08 07:35 - 00114350 ____A C:\Users\sandra\Downloads\Extras.Txt
2012-06-08 07:34 - 2012-06-08 07:34 - 00098090 ____A C:\Users\sandra\Downloads\OTL.Txt
2012-06-08 07:30 - 2012-06-08 07:30 - 00595456 ____A (OldTimer Tools) C:\Users\sandra\Downloads\OTL.exe
2012-06-08 07:26 - 2012-06-08 07:26 - 00000474 ____A C:\Users\sandra\Downloads\defogger_disable.log
2012-06-08 07:26 - 2012-06-08 07:26 - 00000000 ____A C:\Users\sandra\defogger_reenable
2012-06-08 07:26 - 2011-12-06 09:24 - 00000000 ____D C:\users\sandra
2012-06-08 07:25 - 2012-06-08 07:25 - 00050477 ____A C:\Users\sandra\Downloads\Defogger.exe
2012-06-07 21:28 - 2012-02-24 09:20 - 00000000 ____D C:\Users\sandra\AppData\Roaming\E0168
2012-06-07 11:21 - 2011-12-07 16:22 - 02125824 ____A C:\Users\sandra\s-1-5-21-3302248352-1844511566-3404724950-1000.rrr
2012-06-07 10:24 - 2011-05-09 00:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-07 10:15 - 2012-04-15 09:27 - 00000000 ____D C:\Users\All Users\Deadtime Stories
2012-06-07 10:08 - 2011-07-08 01:09 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-06-07 09:45 - 2012-06-07 09:43 - 00000000 ____D C:\Users\sandra\AppData\Roaming\ImgBurn
2012-06-07 09:32 - 2012-06-07 09:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-06-07 09:30 - 2012-06-07 09:30 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 09:29 - 2012-06-07 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 09:06 - 2012-06-07 09:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 08:40 - 2012-06-07 08:37 - 00000000 ____D C:\Users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 08:25 - 2012-06-07 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-07 08:25 - 2011-12-06 11:00 - 01650254 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-07 08:25 - 2011-12-06 11:00 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-07 08:16 - 2012-03-23 08:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\QuickScan
2012-06-07 08:14 - 2012-04-28 00:18 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2012-06-07 08:04 - 2011-12-07 14:26 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-06-07 06:22 - 2011-12-06 09:24 - 00000000 ____D C:\Users\sandra\AppData\Local\VirtualStore
2012-06-05 08:33 - 2012-06-05 08:33 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Persha Studia
2012-06-05 08:32 - 2012-06-05 08:32 - 00000000 ____D C:\Users\All Users\Dying for Daylight
2012-06-05 02:43 - 2012-06-05 02:43 - 00001039 ____A C:\Users\sandra\Desktop\TeslasTower_TheWardenclyffeMystery.exe - Verknüpfung.lnk
2012-06-03 01:46 - 2012-06-03 01:46 - 00000000 ____D C:\Windows\SysWOW64\1049
2012-06-02 06:08 - 2012-06-02 06:08 - 00354304 ____A (Parental Solutions Inc.) C:\Windows\System32\pouazns6k.dll
2012-05-31 11:38 - 2011-12-06 13:28 - 00000000 ____D C:\Users\sandra\Documents\daten
2012-05-27 11:02 - 2011-12-19 13:52 - 00000000 ____D C:\Users\sandra\AppData\Local\CrashDumps
2012-05-25 10:33 - 2012-05-25 10:33 - 00000000 ____A C:\Users\sandra\AppData\Roaming\BrgNm.txt
2012-05-22 12:52 - 2011-12-07 16:18 - 00000000 ____D C:\Users\sandra\AppData\Roaming\vlc
2012-05-22 12:23 - 2012-05-19 02:12 - 00000000 ____D C:\Users\sandra\Desktop\tmp
2012-05-22 12:22 - 2011-12-09 13:25 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Audacity
2012-05-21 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-17 05:22 - 2012-05-17 05:22 - 00114904 ____A C:\Users\sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00461552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-17 05:21 - 2012-05-17 05:21 - 00000000 ____A C:\Windows\setuperr.log
2012-05-17 05:13 - 2011-12-07 16:22 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Registry Mechanic
2012-05-17 05:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-17 05:06 - 2011-12-06 09:33 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2012-05-15 08:41 - 2012-05-15 08:41 - 00000000 ____D C:\Windows\SysWOW64\1093
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 17:01 - 2012-05-11 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 06:15 - 2012-03-30 05:59 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-11 06:15 - 2011-12-07 14:39 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-10 17:13 - 2011-12-06 10:07 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 17:13 - 2011-12-06 09:12 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 17:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 09:55 - 2012-01-08 11:27 - 00000000 ____D C:\Users\All Users\Elephant Games
2012-05-06 11:05 - 2012-05-06 11:05 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-06 11:05 - 2012-05-06 11:05 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-06 03:26 - 2012-05-06 03:26 - 00167936 ____A (www.ipauly.com) C:\Program Files (x86)\BOOTICE_0.9.EXE
2012-05-05 02:50 - 2011-12-06 06:26 - 00000000 ____D C:\Users\sandra\Documents\Bluetooth Folder
2012-05-05 02:41 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Picasa3
2012-05-05 02:40 - 2011-12-06 09:55 - 00000000 ____D C:\Users\sandra\AppData\Local\Google
2012-05-04 12:13 - 2012-02-25 13:29 - 00000000 ____D C:\Program Files\CCleaner
2012-04-30 09:20 - 2012-04-30 09:20 - 00000000 ____D C:\Users\All Users\DailyMagic
2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Users\sandra\AppData\Local\TomTom
2012-04-28 00:18 - 2012-04-28 00:18 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-04-24 22:31 - 2012-04-24 22:31 - 00000000 ____D C:\Windows\SysWOW64\1009
2012-04-22 08:21 - 2012-04-22 08:21 - 00000000 ____D C:\Users\All Users\Meridian93
2012-04-21 06:42 - 2012-02-04 04:47 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Mp3tag
2012-04-21 06:38 - 2011-12-06 09:54 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2012-04-18 10:12 - 2012-04-18 10:12 - 00000000 ____D C:\Windows\SysWOW64\1044
2012-04-15 10:54 - 2012-04-15 10:04 - 00000000 ____D C:\Users\sandra\AppData\Local\Deadtime Stories
2012-04-15 09:27 - 2012-02-13 07:18 - 00001892 ____A C:\Windows\wininit.ini
2012-04-06 05:55 - 2012-04-06 05:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-04-04 10:12 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\.gimp-2.6
2012-04-04 09:36 - 2012-04-04 09:09 - 00000000 ____D C:\Users\sandra\AppData\Roaming\gtk-2.0
2012-04-04 09:21 - 2012-04-04 09:21 - 00000000 ____D C:\Users\sandra\.thumbnails
2012-04-04 09:05 - 2012-04-04 09:05 - 00000000 ____D C:\Users\sandra\Documents\gegl-0.0
2012-04-03 10:57 - 2012-04-03 10:53 - 00000000 ____D C:\Program Files (x86)\phase5
2012-03-31 03:10 - 2012-03-31 03:10 - 00000000 ____D C:\Program Files (x86)\Visual CertExam Suite
2012-03-31 03:05 - 2012-03-31 03:04 - 00000000 ____D C:\Users\All Users\Visual CertExam Suite
2012-03-30 22:05 - 2012-05-09 20:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 20:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 20:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 20:21 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 05:41 - 2012-03-30 05:41 - 00000000 ____D C:\Program Files (x86)\Mighty Uninstaller
2012-03-30 03:35 - 2012-05-09 20:21 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 05:39 - 2012-03-29 05:39 - 00000237 ____A C:\user.js
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Roaming\Media Finder
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\sandra\AppData\Local\Babylon
2012-03-29 05:39 - 2012-03-29 05:39 - 00000000 ____D C:\Users\All Users\Babylon
2012-03-23 08:24 - 2012-03-23 08:24 - 00860667 ____A C:\Users\sandra\AppData\Local\census.cache
2012-03-23 08:23 - 2012-03-23 08:23 - 00097634 ____A C:\Users\sandra\AppData\Local\ars.cache
2012-03-22 11:12 - 2012-03-22 11:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-21 22:47 - 2012-03-21 22:47 - 00000000 ____D C:\Users\All Users\Mozilla
2012-03-20 10:44 - 2012-03-20 10:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 10:44 - 2012-03-20 10:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-18 12:06 - 2012-03-18 12:03 - 00000000 ____D C:\Users\All Users\Floodlight Games
2012-03-16 23:58 - 2012-05-09 20:21 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 11:48 - 2012-03-16 11:48 - 00000000 ____D C:\Windows\SysWOW64\2097
2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\OhgVE.txt
2012-03-15 13:36 - 2012-03-15 13:36 - 00000000 ____A C:\Users\sandra\AppData\Roaming\NbarN.txt
2012-03-12 00:40 - 2012-03-11 10:20 - 00000000 ____D C:\Program Files (x86)\FinanzmanagerV8

ZeroAccess:
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000004.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\L\00000008.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000004.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\00000008.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\000000cb.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000000.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000032.@
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-12-06 09:59] - [2011-12-06 11:28] - 2871808 ____A (Microsoft Corporation) 5ABE1764163E19A6F83A5574B7184231

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 17%
Total physical RAM: 3946.73 MB
Available physical RAM: 3245.82 MB
Total Pagefile: 3944.93 MB
Available Pagefile: 3230.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Notebook_SP) (Fixed) (Total:450.66 GB) (Free:365.99 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.04 GB) NTFS
4 Drive g: (HDD_ext) (Fixed) (Total:232.88 GB) (Free:26.99 GB) NTFS
5 Drive h: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online          465 GB      0 B         
  Datentr„ger 1    Online          232 GB  1024 KB         
  Datentr„ger 2    Online          981 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    15 GB  1024 KB
  Partition 2    Prim„r             100 MB    15 GB
  Partition 3    Prim„r             450 GB    15 GB

======================================================================================================

Disk: 0
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    NTFS   Partition     15 GB  Fehlerfre  Versteck

======================================================================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM RESE  NTFS   Partition    100 MB  Fehlerfre          

======================================================================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Notebook_SP  NTFS   Partition    450 GB  Fehlerfre          

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r             232 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   HDD_ext      NTFS   Partition    232 GB  Fehlerfre          

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r             980 MB    31 KB

======================================================================================================

Disk: 2
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT32  Wechselmed   980 MB  Fehlerfre          

======================================================================================================

==========================================================

Last Boot: 2012-06-07 22:40

======================= End Of Log ==========================
         
Da steht irgendwas mit "ZeroAccess" - kann es das sein?

Geändert von poldikater (09.06.2012 um 16:29 Uhr) Grund: Nachtrag

Alt 09.06.2012, 17:51   #13
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67}
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Starte bitte Combofix sofort nach dem Neustart erneut und poste die Logfile hier.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 18:29   #14
poldikater
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



es hat funktioniert - combofix hat ein update gemacht und dann ging's!

fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-09 18:04:24 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{ce099c72-c4e1-bfe6-1767-79315802bb67} moved successfully.

==== End of Fixlog ====
         
combofix.txt:
Code:
ATTFilter
ComboFix 12-06-09.01 - sandra 09.06.2012  18:10:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3947.2262 [GMT 2:00]
ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\C_0037.NLS
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-09 bis 2012-06-09  ))))))))))))))))))))))))))))))
.
.
2012-06-10 00:19 . 2012-06-10 00:19	--------	d-----w-	C:\FRST
2012-06-09 16:16 . 2012-06-09 16:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-08 15:44 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F430A3C9-5BD8-4ED8-A707-59289F17293B}\mpengine.dll
2012-06-07 19:15 . 2012-06-09 10:10	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-06-07 17:43 . 2012-06-07 17:45	--------	d-----w-	c:\users\sandra\AppData\Roaming\ImgBurn
2012-06-07 17:32 . 2012-06-07 17:32	--------	d-----w-	c:\program files (x86)\ImgBurn
2012-06-07 17:30 . 2012-06-07 17:30	--------	d-----w-	c:\users\sandra\AppData\Roaming\Malwarebytes
2012-06-07 17:29 . 2012-06-07 17:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-07 17:06 . 2012-06-07 17:06	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-06-07 16:37 . 2012-06-07 16:40	--------	d-----w-	c:\users\sandra\AppData\Local\ElevatedDiagnostics
2012-06-07 16:27 . 2012-06-07 16:27	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB015A82-0430-4127-AD9D-9E18BDCA62D2}\gapaengine.dll
2012-06-07 16:27 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 16:25 . 2012-06-07 16:25	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-07 16:25 . 2012-06-07 16:25	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-05 16:34 . 2012-06-08 18:01	--------	d-----w-	c:\users\sandra\AppData\Roaming\TOMI3
2012-06-05 16:33 . 2012-06-05 16:33	--------	d-----w-	c:\users\sandra\AppData\Roaming\Persha Studia
2012-06-05 16:32 . 2012-06-05 16:32	--------	d-----w-	c:\programdata\Dying for Daylight
2012-06-03 09:46 . 2012-06-03 09:46	--------	d-----w-	c:\windows\SysWow64\1049
2012-06-02 14:08 . 2012-06-02 14:08	354304	----a-w-	c:\windows\system32\pouazns6k.dll
2012-05-15 16:41 . 2012-05-15 16:41	--------	d-----w-	c:\windows\SysWow64\1093
2012-05-12 01:01 . 2012-05-12 01:01	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-12 01:01 . 2012-05-12 01:01	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 14:15 . 2012-03-30 13:59	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 14:15 . 2011-12-07 22:39	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 19:05 . 2012-05-06 19:05	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-05-06 19:05 . 2012-05-06 19:05	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-05-06 19:05 . 2012-05-06 19:05	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-05-06 19:05 . 2012-05-06 19:05	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-05-06 11:26 . 2012-05-06 11:26	167936	----a-w-	c:\program files (x86)\BOOTICE_0.9.EXE
2012-03-31 06:05 . 2012-05-10 04:21	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 04:21	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 04:21	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 04:21	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 04:21	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12	4435968	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-10 04:21	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-03-15 21:36 . 2012-03-15 21:41	1169224	----a-w-	c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe
2012-03-15 21:36 . 2012-02-24 17:20	1169224	----a-w-	c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995.exe
2011-12-04 16:41 . 2011-12-06 18:03	658944	----a-w-	c:\program files (x86)\Win7BootUpdater.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Spy Protector"="c:\program files (x86)\Security Task Manager\SpyProtector.exe" [2010-11-10 140616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-2-26 98504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\SecuniaPSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-09 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\SecuniaPSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\SecuniaPSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 16:28	414720	----a-w-	c:\users\sandra\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52444
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
LSP: mswsock.dll
Trusted Zone: secunia.com
TCP: DhcpNameServer = 80.237.176.196
FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\4krip5g8.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.hardId - e016886c000000000000deaf78303f35
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Witches' Legacy - The Charleston Curse CE V21.0 - c:\spiele\Witches Legacy - The Charleston Curse CE\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-09  18:22:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-09 16:22
.
Vor Suchlauf: 13 Verzeichnis(se), 392.722.391.040 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 392.340.054.016 Bytes frei
.
- - End Of File - - 5027AA4CB2AB7CFEF8374227E60107E9
         
Firewall geht wieder und Security Essentials auch!

Geändert von poldikater (09.06.2012 um 18:39 Uhr) Grund: Nachtrag

Alt 09.06.2012, 18:40   #15
Larusso
/// Selecta Jahrusso
 
Sirefef und weitere auf Win7 64-bit - Standard

Sirefef und weitere auf Win7 64-bit



Sieht schon mal ganz gut aus


Bevor wir uns an die Reste machen, brauche ich noch ein paar Details



Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    ATTFilter
    C:\Windows\System32\pouazns6k.dll
             
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wiederhole diese Schritte bitte mit folgender Datei:
c:\users\sandra\AppData\Roaming\Microsoft\6CEE\995u.exe



Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :folderfind
    {ce099c72-c4e1-bfe6-1767-79315802bb67}
    :regfind
    {ce099c72-c4e1-bfe6-1767-79315802bb67}
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Geändert von Larusso (09.06.2012 um 18:47 Uhr)

Antwort

Themen zu Sirefef und weitere auf Win7 64-bit
0x8007042c, acer, aktivieren, alureon, board, boot-cd, deaktiviert, emsisoft, essen, fehlercode, firewall, google, installieren, kaspersky, laptop, logfiles, meldung, ms security essentials, neu, nicht mehr, nichts, offline, removen, rootkit, schwere, schädling, sirefef, suche, tipps, win, win7, win7 64bit



Ähnliche Themen: Sirefef und weitere auf Win7 64-bit


  1. Win7: Explorer und weitere Win-Funktionen arbeiten nicht richtig + dll-Dateien-Fehler
    Log-Analyse und Auswertung - 04.01.2015 (13)
  2. Win7: Fund Rce.Gen3 in Quarantäne. Weitere Vorgehensweise
    Plagegeister aller Art und deren Bekämpfung - 17.09.2014 (7)
  3. WIN7: AVAST meldet Win32:Bprotect-D /-F /-H und weitere, Rechner läuft
    Log-Analyse und Auswertung - 05.06.2014 (12)
  4. Win7 (x64): Avira findet TR/Rogue.1022.51, danach massig Adware und weitere Trojaner
    Log-Analyse und Auswertung - 17.04.2014 (7)
  5. Win7 64 bit Anhang aus e-mail geöffnet; seitdem ungewollte popups und weitere Unregelmässigkeiten
    Log-Analyse und Auswertung - 08.04.2014 (13)
  6. Win7: Ständige Virenwarnungen in Bannern, mysearchial und weitere seltsame Seiten
    Log-Analyse und Auswertung - 26.03.2014 (11)
  7. Win7 32bit Advanced System Protector Befall und evt. weitere
    Log-Analyse und Auswertung - 15.11.2013 (14)
  8. Win32:Sirefef-ZT [trj] in System.exe + weitere Viren/Malware
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (11)
  9. Sirefef.K.1 Trojan und weitere Trojaner gefunden
    Log-Analyse und Auswertung - 24.11.2012 (2)
  10. TR/Sirefef.16896 und TR/ATRAPS.Gen2 im Papierkorb-Verzeichnis (Win7 x64)
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (5)
  11. sirefef.ah und sirefef.r auf Win7 (32bit) gefunden. Rechner fährt automatisch runter.
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (37)
  12. TR/sirefef.A und weitere Variationen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (8)
  13. Win7/64: Sirefef.b, .w und .y gefunden, Teilerfolg schon erzielt
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (21)
  14. Sirefef.Ak/W/M & komische Sounds Win7 64
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  15. Win7 HomePremium 64bit Trojan:Win64/Sirefef.K +.E +.D
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (53)
  16. Trojan:Win64/Sirefef.K, Sirefef.E und Sirefef.D kommen immer wieder
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (1)
  17. TR/Sirefef.A.31 in C:\Users\***\AppData\Local\Temp\06263bf.cpl und weitere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (13)

Zum Thema Sirefef und weitere auf Win7 64-bit - Liebe Community, nach viel google und Suche in eurem board (wonach ich dann einige eurer tipps und tricks und anti-malware-Progs ausprobiert habe) muss ich euch leider doch "bemühen": Ich hab - Sirefef und weitere auf Win7 64-bit...
Archiv
Du betrachtest: Sirefef und weitere auf Win7 64-bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.