How do I remove the Sirefef.A.61 trojan? Help


  • zoccy 
  • New MyCity citizen
  • Joined: 11 Jan 2013
  • Posts: 3

Hello everyone on the forum. For four days now I have had a problem on my computer with a trojan named TR/Sirefef.A.61. Namely, the installed antivirus Avira recognizes it and every minute or two pops up a notification that I have it on the computer, and when I click to delete it, it fails, and so it goes over and over. Avira reports that it detects the file C:\$Recycle.Bin\S-1-5-18\$xxxxxx (the x's are various letters and numbers). I also tried to delete it manually following the instructions at blog.teesupport.com/can...anually-delete-trsirefef-a-61/ but I found none of those files on the disk, nor the corresponding entries in the registry.
I tried with the Emsisoft Anti-Malware program; it does not manage to remove it. I also tried the OSAM scanner and it did not detect it at all. Is there any solution? Thanks in advance.

Note: I did not include Gmer3 in the attachment because I got a blank screen for that stage of the scan.

*************************************************************
DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by 68codex at 19:42:25 on 2013-01-11
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1013.167 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SYSTEM32\Rezip.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\68codex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\68codex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\68codex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Users\68codex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\totalcmd\TOTALCMD.EXE
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
uWindow Title = Windows Internet Explorer bereitgestellt von Vodafone D2 GmbH
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://www.vodafonelive.de
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = <local>
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - c:\windows\system32\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\68codex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\users\68codex\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B} : NameServer = 139.7.30.126 139.7.30.125
TCP: Interfaces\{E793A022-ED28-46DF-8C3E-86340F53F248} : NameServer = 192.168.0.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office12\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - c:\windows\system32\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\windows\system32\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\program files\windows live\messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - c:\windows\system32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\program files\windows live\messenger\msgrapp.dll
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - c:\program files\common files\microsoft shared\web components\11\OWC11.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - c:\program files\windows live\mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - c:\windows\system32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\system32\ie4uinit.exe -UserIconConfig
mASetup: >{3492182F-DD96-4A52-A533-D46D25B02994} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - c:\windows\system32\regsvr32.exe /s /n /i:/userinstall c:\windows\system32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - c:\windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\system32\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\rundll32.exe c:\windows\system32\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI-Treiber;c:\windows\system32\drivers\acpi.sys [2011-6-21 274304]
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2011-4-28 22400]
R0 atapi;IDE-Kanal;c:\windows\system32\drivers\atapi.sys [2009-7-14 21584]
R0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\system32\clfs.sys [2009-7-14 249408]
R0 CNG;CNG;c:\windows\system32\drivers\cng.sys [2012-7-11 369336]
R0 Compbatt;Microsoft Composite Battery-Treiber;c:\windows\system32\drivers\compbatt.sys [2009-7-14 19024]
R0 Disk;Laufwerktreiber;c:\windows\system32\drivers\disk.sys [2009-7-14 57424]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-7-14 58448]
R0 FltMgr;FltMgr;c:\windows\system32\drivers\fltMgr.sys [2009-7-14 198208]
R0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\system32\drivers\fvevol.sys [2011-6-21 194800]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys [2011-6-21 14208]
R0 iaStor;Intel AHCI Controller;c:\windows\system32\drivers\iaStor.sys [2010-3-29 330264]
R0 KSecDD;KSecDD;c:\windows\system32\drivers\ksecdd.sys [2012-7-11 67440]
R0 KSecPkg;KSecPkg;c:\windows\system32\drivers\ksecpkg.sys [2012-7-11 134000]
R0 mountmgr;Bereitstellungspunkt-Manager;c:\windows\system32\drivers\mountmgr.sys [2011-6-21 78208]
R0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2011-6-21 28032]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-7-14 13888]
R0 Mup;Mup;c:\windows\system32\drivers\mup.sys [2009-7-14 49728]
R0 NDIS;NDIS-Systemtreiber;c:\windows\system32\drivers\ndis.sys [2012-9-12 712048]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-1-8 17904]
R1 AFD;Ancillary Function Driver for Winsock;c:\windows\system32\drivers\afd.sys [2011-6-16 338944]
R1 avipbb;avipbb;c:\windows\system32\drivers\avipbb.sys [2010-12-27 138192]
R1 Beep;Beep;c:\windows\system32\drivers\beep.sys [2009-7-14 6144]
R1 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2009-7-14 35328]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\drivers\dfsc.sys [2011-6-21 78336]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-7-14 32256]
R1 Msfs;Msfs;c:\windows\system32\drivers\msfs.sys [2009-7-14 22528]
R1 mssmbios;Microsoft-Systemverwaltungs-BIOS-Treiber;c:\windows\system32\drivers\mssmbios.sys [2009-7-14 28240]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-27 66616]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\drivers\lltdio.sys [2009-7-14 48128]
R2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-7-14 86528]
R3 bowser;Browsersupporttreiber;c:\windows\system32\drivers\bowser.sys [2011-4-15 69632]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber;c:\windows\system32\drivers\bthenum.sys [2009-7-14 34816]
R3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth;c:\windows\system32\drivers\bthmodem.sys [2009-7-14 56320]
R3 BthPan;Bluetooth-Gerät (PAN);c:\windows\system32\drivers\bthpan.sys [2009-7-14 93696]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät;c:\windows\system32\drivers\BTHUSB.SYS [2011-7-13 60416]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-3-30 43944]
R3 btwaudio;Bluetooth-Audiogerät;c:\windows\system32\drivers\btwaudio.sys [2010-4-3 86056]
R3 btwavdt;Bluetooth AVDT Service;c:\windows\system32\drivers\btwavdt.sys [2010-4-3 108072]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-3 29472]
R3 btwrchid;btwrchid;c:\windows\system32\drivers\btwrchid.sys [2010-4-3 18472]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku;c:\windows\system32\drivers\CmBatt.sys [2009-7-14 14080]
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [2011-6-21 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys [2011-2-10 728448]
R3 HDAudBus;Microsoft-UAA-Bustreiber für High Definition Audio;c:\windows\system32\drivers\hdaudbus.sys [2011-6-21 108544]
R3 HTTP;HTTP;c:\windows\system32\drivers\http.sys [2011-6-21 513536]
R3 i8042prt;i8042-Tastatur- und PS/2-Mausanschluss-Treiber;c:\windows\system32\drivers\i8042prt.sys [2009-7-14 80896]
R3 igfx;igfx;c:\windows\system32\drivers\igdkmd32.sys [2010-3-30 4805120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);c:\windows\system32\drivers\RTKVHDA.sys [2012-5-31 2977248]
R3 intelppm;Intel-Prozessortreiber;c:\windows\system32\drivers\intelppm.sys [2009-7-14 53760]
R3 kbdclass;Tastaturklassentreiber;c:\windows\system32\drivers\kbdclass.sys [2009-7-14 42576]
R3 Modem;Modem;c:\windows\system32\drivers\modem.sys [2009-7-14 31744]
R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\drivers\monitor.sys [2009-7-14 23552]
R3 mouclass;Mausklassentreiber;c:\windows\system32\drivers\mouclass.sys [2009-7-14 41552]
R3 mrxsmb;SMB-Miniredirector-Wrapper und -Modul;c:\windows\system32\drivers\mrxsmb.sys [2011-6-16 123904]
R3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\drivers\mrxsmb10.sys [2011-8-12 223744]
R3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\drivers\mrxsmb20.sys [2011-6-16 96768]
R3 MSPCLOCK;Microsoft Proxy für Streaming Clock;c:\windows\system32\drivers\mspclock.sys [2009-7-14 5888]
R3 MSPQM;Microsoft Proxy für Streaming Quality Manager;c:\windows\system32\drivers\mspqm.sys [2009-7-14 5504]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\drivers\nwifi.sys [2009-7-14 267264]
S1 cdrom;CD-ROM-Laufwerktreiber;c:\windows\system32\drivers\cdrom.sys [2011-6-21 108544]
S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [2011-6-21 164864]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-1-8 54072]
S3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [2011-6-21 10240]
S3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-6-10 422976]
S3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-7-13 297552]
S3 adpu320;adpu320;c:\windows\system32\drivers\adpu320.sys [2009-7-13 146512]
S3 agp440;Intel AGP-Bus-Filter;c:\windows\system32\drivers\AGP440.sys [2009-7-14 53312]
S3 aic78xx;aic78xx;c:\windows\system32\drivers\djsvs.sys [2009-6-10 70720]
S3 aliide;aliide;c:\windows\system32\drivers\aliide.sys [2009-7-14 14400]
S3 amdagp;AMD AGP-Bus-Filtertreiber;c:\windows\system32\drivers\AMDAGP.SYS [2009-7-14 53312]
S3 amdide;amdide;c:\windows\system32\drivers\amdide.sys [2009-7-14 14912]
S3 AmdK8;AMD K8 Processor Driver;c:\windows\system32\drivers\amdk8.sys [2009-7-14 55296]
S3 AmdPPM;AMD Processor Driver;c:\windows\system32\drivers\amdppm.sys [2009-7-14 52736]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2011-4-28 80256]
S3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-6-10 159312]
S3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [2011-6-21 50176]
S3 arc;arc;c:\windows\system32\drivers\arc.sys [2009-7-13 76368]
S3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-7-13 86608]
S3 AsyncMac;Asynchroner RAS -Medientreiber;c:\windows\system32\drivers\asyncmac.sys [2009-7-14 17920]
S3 athr;Atheros Extensible Wireless LAN device driver;c:\windows\system32\drivers\athr.sys [2010-3-30 1227776]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-6-10 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-7-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-7-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\BrSerId.sys [2009-7-14 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-7-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-7-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\drivers\BrUsbSer.sys [2009-7-14 11904]
S3 BTHPORT;Bluetooth-Porttreiber;c:\windows\system32\drivers\bthport.sys [2012-8-15 393728]
S3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-7-14 37888]
S3 cmdide;cmdide;c:\windows\system32\drivers\cmdide.sys [2009-7-14 15952]
S3 drmkaud;Microsoft Trusted Audio Drivers;c:\windows\system32\drivers\drmkaud.sys [2009-7-14 5120]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-6-10 3100160]
S3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-6-10 453712]
S3 ErrDev;Microsoft-Hardwarefehler-Gerätetreiber;c:\windows\system32\drivers\errdev.sys [2009-7-14 7168]
S3 exfat;exFAT File System Driver;c:\windows\system32\drivers\exfat.sys [2009-7-14 142336]
S3 fastfat;FAT12/16/32 File System Driver;c:\windows\system32\drivers\fastfat.sys [2009-7-14 148480]
S3 fdc;Floppy Disk Controller Driver;c:\windows\system32\drivers\fdc.sys [2009-7-14 25088]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-7-14 28160]
S3 flpydisk;Floppy Disk Driver;c:\windows\system32\drivers\flpydisk.sys [2009-7-14 19968]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\fsdepends.sys [2009-7-14 46160]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-13 49664]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;c:\windows\system32\drivers\GAGP30KX.SYS [2009-7-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-7-13 26624]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst;c:\windows\system32\drivers\HdAudio.sys [2011-6-21 304128]
S3 HidBatt;HID UPS Battery Driver;c:\windows\system32\drivers\hidbatt.sys [2009-7-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport;c:\windows\system32\drivers\hidbth.sys [2009-7-14 91136]
S3 HidIr;Microsoft Infrared HID Driver;c:\windows\system32\drivers\hidir.sys [2009-7-14 37888]
S3 HidUsb;Microsoft HID Class-Treiber;c:\windows\system32\drivers\hidusb.sys [2011-6-21 24064]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-7-13 67152]
S3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2011-4-28 332160]
S3 iirsp;iirsp;c:\windows\system32\drivers\iirsp.sys [2009-7-13 41040]
S3 intelide;intelide;c:\windows\system32\drivers\intelide.sys [2009-7-14 15424]
S3 IpFilterDriver;Filtertreiber für IP-Datenverkehr;c:\windows\system32\drivers\ipfltdrv.sys [2009-7-14 58880]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2011-6-21 65536]
S3 IPNAT;IP Network Address Translator;c:\windows\system32\drivers\ipnat.sys [2009-7-14 101888]
S3 IRENUM;IR Bus Enumerator;c:\windows\system32\drivers\irenum.sys [2009-7-14 13824]
S3 isapnp;isapnp;c:\windows\system32\drivers\isapnp.sys [2009-7-14 46656]
S3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [2011-6-21 233344]
S3 kbdhid;Tastatur-HID-Treiber;c:\windows\system32\drivers\kbdhid.sys [2011-6-21 28160]
S3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-7-13 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-7-13 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-7-13 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-7-13 96848]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-8-18 9216]
S3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-6-10 30800]
S3 MegaSR;MegaSR;c:\windows\system32\drivers\MegaSR.sys [2009-7-13 235584]
S3 mouhid;Maus-HID-Treiber;c:\windows\system32\drivers\mouhid.sys [2009-7-14 26112]
S3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [2011-6-21 130432]
S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-7-14 60416]
S3 MRxDAV;Redirector-Treiber für WebDav-Client;c:\windows\system32\drivers\mrxdav.sys [2011-6-21 115712]
S3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [2011-6-21 116096]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys [2009-7-14 4096]
S3 MSKSSRV;Microsoft Streaming Service Proxy;c:\windows\system32\drivers\mskssrv.sys [2009-7-14 8320]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\msrpc.sys [2009-7-14 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung;c:\windows\system32\drivers\mstee.sys [2009-7-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-7-14 12288]
S4 cdfs;CD/DVD File System Reader;c:\windows\system32\drivers\cdfs.sys [2009-7-14 70656]
S4 crcdisk;Crcdisk Filter Driver;c:\windows\system32\drivers\crcdisk.sys [2009-7-14 22096]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="c:\windows\hh.exe" %1
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="c:\program files\adobe\reader 9.0\reader\AcroRd32.exe" "%1"
ShellExec: iexplore.exe: open="c:\program files\internet explorer\iexplore.exe" %1
ShellExec: MovieMaker.exe: Open="c:\program files\windows live\photo gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="c:\windows\system32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=c:\progra~1\micros~2\office12\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=c:\progra~1\micros~2\office12\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=c:\progra~1\micros~2\office12\OIS.EXE /shellPreview "%1"
ShellExec: photoviewer.dll: open=c:\windows\system32\rundll32.exe "c:\program files\windows photo viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=c:\windows\system32\rundll32.exe "c:\program files\windows photo viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: RealPlay.exe: open="c:\program files\real\realplayer\realplay.exe" "%1"
ShellExec: vlc.exe: Open="c:\program files\videolan\vlc\vlc.exe" --started-from-file "%1"
ShellExec: Winword.exe: edit="c:\program files\microsoft office\office12\WINWORD.EXE" /n /dde
ShellExec: WLXPhotoViewer.dll: open="c:\program files\windows live\photo gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="c:\program files\windows media player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="c:\program files\windows media player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-01-09 12:59:53 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 12:59:51 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 12:59:48 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 12:59:25 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 12:59:13 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 12:59:11 868352 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 12:59:11 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 12:59:11 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 12:59:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 12:59:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 12:59:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 12:59:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 12:59:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 12:59:09 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 12:59:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 12:59:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 12:59:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 12:59:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 12:59:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 12:59:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 12:59:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 12:59:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 12:58:16 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 12:58:14 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 12:58:07 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-09 12:58:06 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-09 12:58:06 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2013-01-09 12:58:06 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-09 12:58:06 40960 ----a-w- c:\windows\system32\cob-au.rs
2013-01-09 12:58:06 30720 ----a-w- c:\windows\system32\usk.rs
2013-01-09 12:58:06 2576384 ----a-w- c:\windows\system32\gameux.dll
2013-01-09 12:58:06 21504 ----a-w- c:\windows\system32\grb.rs
2013-01-09 12:58:06 20480 ----a-w- c:\windows\system32\pegi.rs
2013-01-09 12:58:06 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2013-01-09 12:58:06 15360 ----a-w- c:\windows\system32\djctq.rs
2013-01-09 12:58:05 308736 ----a-w- c:\windows\system32\Wpc.dll
2013-01-09 12:58:03 55296 ----a-w- c:\windows\system32\cero.rs
2013-01-09 12:58:03 51712 ----a-w- c:\windows\system32\esrb.rs
2013-01-09 12:58:03 23552 ----a-w- c:\windows\system32\oflc.rs
2013-01-09 12:58:03 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2013-01-08 19:33:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-01-07 19:00:05 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2bd40f9f-7cf7-4a39-8fc2-2938a09e475a}\mpengine.dll
2012-12-21 06:44:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:44:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 15:48:05 -------- d-----w- c:\program files\common files\Skype
2012-12-16 15:48:02 -------- d-----r- c:\program files\Skype
2012-12-12 15:54:29 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 15:54:09 6028800 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 15:54:07 11020800 ----a-w- c:\windows\system32\ieframe.dll
2012-12-12 15:54:06 1231872 ----a-w- c:\windows\system32\urlmon.dll
2012-12-12 15:54:05 981504 ----a-w- c:\windows\system32\wininet.dll
2012-12-12 15:54:05 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-12-12 15:54:04 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-12-12 15:54:03 627712 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-12 15:54:03 525312 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-12-12 15:54:02 2073600 ----a-w- c:\windows\system32\iertutil.dll
2012-12-12 15:54:02 176640 ----a-w- c:\windows\system32\ieui.dll
2012-12-12 15:54:01 67584 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-12 15:54:00 48128 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-12 15:54:00 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-12-12 15:54:00 132096 ----a-w- c:\windows\system32\url.dll
2012-12-12 15:53:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-12 15:53:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-18 13:24:22 -------- d-----w- c:\programdata\McAfee Security Scan
2012-11-18 13:24:18 -------- d-----w- c:\programdata\McAfee
2012-11-18 13:24:11 -------- d-----w- c:\program files\McAfee Security Scan
2012-11-16 22:38:44 -------- d-----w- c:\users\68codex\appdata\roaming\Windows Live Writer
2012-11-16 22:38:44 -------- d-----w- c:\users\68codex\appdata\local\Windows Live Writer
2012-11-16 19:06:19 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 19:06:19 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 19:06:19 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 19:04:47 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 19:04:46 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 19:04:44 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 19:04:44 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 19:04:42 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 19:04:42 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 19:04:41 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 17:03:02 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 17:03:01 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 17:03:01 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 17:03:01 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 17:03:00 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 17:02:59 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 17:02:59 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 17:02:58 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 16:51:59 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 16:51:48 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 16:51:48 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 09:45:14 1365552 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
2012-11-14 00:48:19 -------- d-----w- c:\users\68codex\Tracing
2012-11-13 22:06:42 -------- d-----w- c:\windows\de
2012-11-13 22:06:14 49664 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-11-13 22:06:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-13 21:59:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-13 21:59:54 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-13 21:59:54 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-13 21:59:53 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-13 21:59:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-11-13 21:57:53 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-11-13 21:56:54 5659096 ----a-w- c:\program files\common files\windows live\.cache\7841c9751cdc1e903\skydrivesetup.exe
2012-11-13 21:56:54 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-11-13 21:56:48 -------- d-----r- c:\users\68codex\SkyDrive
2012-11-13 21:55:54 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-11-13 21:54:48 89944 ----a-w- c:\program files\common files\windows live\.cache\7d14e76a1cdc1e904\DSETUP.dll
2012-11-13 21:54:48 537432 ----a-w- c:\program files\common files\windows live\.cache\7d14e76a1cdc1e904\DXSETUP.exe
2012-11-13 21:54:48 1801048 ----a-w- c:\program files\common files\windows live\.cache\7d14e76a1cdc1e904\dsetup32.dll
2012-11-13 21:54:32 94040 ----a-w- c:\program files\common files\windows live\.cache\734020c01cdc1e902\DSETUP.dll
2012-11-13 21:54:32 525656 ----a-w- c:\program files\common files\windows live\.cache\734020c01cdc1e902\DXSETUP.exe
2012-11-13 21:54:32 1691480 ----a-w- c:\program files\common files\windows live\.cache\734020c01cdc1e902\dsetup32.dll
2012-11-13 21:54:24 537432 ----a-w- c:\program files\common files\windows live\.cache\6ec843811cdc1e901\DXSETUP.exe
2012-11-13 21:54:23 89944 ----a-w- c:\program files\common files\windows live\.cache\6ec843811cdc1e901\DSETUP.dll
2012-11-13 21:54:23 1801048 ----a-w- c:\program files\common files\windows live\.cache\6ec843811cdc1e901\dsetup32.dll
2012-11-13 21:53:30 -------- d-----w- c:\users\68codex\appdata\local\Windows Live
.
==================== Find6M ====================
.
2013-01-09 13:44:36 65273848 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 20:00:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:00:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-12 15:07:44 58368 ----a-w- c:\windows\system32\sirenacm.dll
2012-09-12 14:57:44 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-26 18:08:06 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 18:08:06 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 18:08:06 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 18:08:06 153536 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 18:08:06 115656 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 05:26:30 2560 ----a-w- c:\windows\system32\drivers\de-de\wdf01000.sys.mui
2012-07-17 13:49:00 209648 ----a-w- c:\windows\system32\LIVESSP.DLL
.
============= FINISH: 19:46:41,13 ===============
************************************************************************
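The Find3M/Find6M listing that ends above is the part of a DDS log a helper reads first: a timestamp, a size (or dashes for a directory), an 8-character attribute field, and a path. The following Python parser is an added example and is not part of the original thread or of DDS itself. The sample lines are a constructed subset copied from the log above (plus one section header and one "." separator the parser must skip), and the reading of the attribute letters (d directory, c compressed, h hidden, a archive, w writable, r read-only) is my interpretation of the letters visible in this log, not something the page states.

```python
"""Parser for the Find3M / Find6M file-listing lines of a DDS log.

Each listing line has the shape
    YYYY-MM-DD HH:MM:SS  SIZE  ATTRS  PATH
where SIZE is a byte count, or a run of dashes for a directory, and ATTRS is
an 8-character flag field. The flag letters below are my reading of the
letters that appear in the log on this page (assumption, not documented there).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[A-Za-z-]{8})\s+"
    r"(?P<path>\S.*)$"
)

# Assumed meaning of the attribute letters seen in this log.
_ATTR_NAMES = {"d": "directory", "c": "compressed", "h": "hidden",
               "a": "archive", "w": "writable", "r": "read-only"}

# Constructed sample: a subset of lines copied from the DDS log above, plus a
# section header and a "." separator line, which the parser must skip.
SAMPLE_LINES = [
    r"2013-01-09 12:59:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll",
    r"2013-01-09 12:59:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll",
    r"2013-01-09 12:58:16 49152 ----a-w- c:\windows\system32\taskhost.exe",
    r"2013-01-08 19:33:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware",
    r"2012-12-16 15:48:02 -------- d-----r- c:\program files\Skype",
    r"2012-11-18 13:24:11 -------- d-----w- c:\program files\McAfee Security Scan",
    r"2012-11-13 22:06:14 -------- dc----w- c:\windows\system32\DRVSTORE",
    "==================== Find6M ====================",
    ".",
    r"2013-01-09 13:44:36 65273848 ----a-w- c:\windows\system32\MRT.exe",
]


@dataclass
class Entry:
    when: datetime
    size: Optional[int]      # None for directories
    attrs: frozenset         # e.g. {"hidden", "archive", "writable"}
    path: str

    @property
    def is_dir(self) -> bool:
        return "directory" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers/separators."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    size_txt = m.group("size")
    size = None if size_txt.startswith("-") else int(size_txt)
    flags = frozenset(_ATTR_NAMES.get(ch, ch) for ch in m.group("attrs") if ch != "-")
    when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return Entry(when, size, flags, m.group("path"))


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def under(entries: List[Entry], prefix: str) -> List[Entry]:
    """Entries whose path starts with `prefix` (case-insensitive, like NTFS)."""
    p = prefix.lower()
    return [e for e in entries if e.path.lower().startswith(p)]


def hidden_files(entries: List[Entry]) -> List[Entry]:
    """Non-directory entries carrying the hidden attribute."""
    return [e for e in entries if "hidden" in e.attrs and not e.is_dir]


def group_bursts(entries: List[Entry], window_seconds: int = 600) -> List[List[Entry]]:
    """Group entries written within `window_seconds` of the previous one.

    Files written together normally come from one installer or update run, so
    a burst is the natural unit to review, rather than judging files one by one.
    """
    bursts: List[List[Entry]] = []
    for e in sorted(entries, key=lambda x: x.when):
        if bursts and (e.when - bursts[-1][-1].when).total_seconds() <= window_seconds:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


if __name__ == "__main__":
    found = parse_listing("\n".join(SAMPLE_LINES))
    for burst in group_bursts(found):
        first, last = burst[0].when, burst[-1].when
        hidden = sum(1 for e in burst if "hidden" in e.attrs)
        print(f"{first} .. {last}: {len(burst)} entries, {hidden} hidden")
        for e in burst:
            print("   ", sorted(e.attrs), e.path)
```

The burst view is the point: a hidden attribute on its own is not a verdict, but seeing that a group of hidden files was written in the same minute as other files from one update or installer run lets the reader judge the group as a whole instead of each DLL in isolation. Run the file directly to print the bursts for the sample, or feed `parse_listing` the Find3M/Find6M sections of a full DDS log.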
offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, zoccy


While we work on this case, I would ask you to stick to the following:
Read my instructions (or those of the colleagues standing in for me) carefully and follow them exactly;
Do not seek help elsewhere at the same time;
Do not use any malware-removal programs other than those you are given instructions for;
Always report if any of the proposed procedures did not go as described;
During the intervention, do not use USB storage devices until I ask for them;
Always copy the whole report into the post rather than attaching it, unless told otherwise;
If I do not reply within 24h, bump the thread with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulance: LINK


Go to Control Panel -> Programs and Features and uninstall:

Emsisoft Anti-Malware
McAfee Security Scan Plus


Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download has finished:
disable your protection software (instructions);
close any running programs;
double-click ComboFix to start it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the post.

offline
  • zoccy 
  • New MyCity citizen
  • Joined: 11 Jan 2013
  • Posts: 3

Written: 13 Jan 2013 20:03

For now I just have to let you know that the removal of the Sirefef.A.61 trojan seems to have succeeded, but I will wait another day or two to confirm it definitively. By the way, we are doing this for my cousin who lives in Germany, and since he does not know much about computers I am helping him by explaining the steps you listed over Skype. Since last night, when we ran ComboFix, Avira has no longer reported the presence of that trojan. After applying this program he had some disruption to his network settings, and until late this afternoon he was struggling to find the person who administers the network in his building to fix his internet. All in all, I will report back on his behalf as soon as he recovers and sends me the requested ComboFix log file so I can post it in the thread.

Update: 16 Jan 2013 21:19

Hello. I am glad to be able to confirm that the trojan in question has definitely been removed. My cousin says he cannot find the log file, but I remember that it was properly saved at the time he ran ComboFix. He probably deleted it by mistake along with the old logs. Anyway, his system survived, so many thanks to the people on the forum for the selfless help!
