| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System der automatischen Informationskontrolle - Computer gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.10.2012, 08:46
| #106 |
 |  System der automatischen Informationskontrolle - Computer gesperrt Hey Marius! Also, hab schon mal den Screenshot gemacht, allerdings weiß ich nicht auf welchem Pfad sich das befindet (es gibt ja hier z.B. beim MSE keine log-datei).. habe dir nochmals den Link mit dem attachment gepostet: http://www.trojaner-board.de/attachm...errt-virus.jpg lg, Golderto |
|
29.10.2012, 08:55
| #107 |
| /// Malwareteam    | System der automatischen Informationskontrolle - Computer gesperrt unter vista findest du die Logfiles von MSE hier:
__________________Code:
ATTFilter C:\ProgramData\Microsoft\Microsoft Antimalware\Support
__________________ |
|
29.10.2012, 09:20
| #108 |
| | System der automatischen Informationskontrolle - Computer gesperrtCode:
ATTFilter --------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-22-2012 10:35:10
************************************************************
2012-10-22T08:35:10.553Z Trace session started - MpWppTracing-10222012-103510-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-22T08:35:10.600Z Verifying RTP plugin...
2012-10-22T08:35:10.662Z verified!
2012-10-22T08:35:10.725Z Verifying Nis plugin...
2012-10-22T08:35:10.740Z verified!
2012-10-22T08:35:11.193Z Initializing Nis plugin state...
2012-10-22T08:35:11.193Z Nis initialized!
2012-10-22T08:35:11.193Z Loading engine...
2012-10-22T08:35:11.193Z CSignatureStatus: changed to DUE_REPORTED
2012-10-22T08:35:11.193Z loaded!
2012-10-22T08:35:11.193Z Verifying license file...
2012-10-22T08:35:11.208Z verified!
2012-10-22T08:35:11.208Z Product supports installmode: 1
2012-10-22T08:35:11.224Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T08:35:11.239Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-10-22T08:35:11.411Z WAT report: machine genuine, state(1) error(0x0)
2012-10-22T08:35:14.266Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:14.281Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:15.327Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-10-22T08:35:16.294Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:16.294Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:18.306Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:18.306Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:20.319Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:35:20.319Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2012-10-22T08:36:11.245Z Calling MpUpdateStart with update options = 257
2012-10-22T08:36:11.245Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2012-10-22T08:36:13.959Z Calling MpUpdateStart with update options = 17
2012-10-22T08:36:13.959Z Task(SignaturesUpdateService -ScheduleJob -HttpDownload -RestrictPrivileges) launched
2012-10-22T08:40:33.789Z Verifying engine and signature files (source: 0) ...
2012-10-22T08:40:34.101Z verified!
2012-10-22T08:40:37.330Z Initializing SQM in engine...
2012-10-22T08:40:37.330Z SQM initialized in the engine successfully
2012-10-22T08:40:37.345Z CSignatureStatus: back to good
2012-10-22T08:40:37.345Z Initializing RTP plugin state...
2012-10-22T08:40:37.345Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,1,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:9
TotalStreamCon:713
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:10443
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
Signature updated on 10-22-2012 10:40:37
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.293.0
AV Signature Version: 1.139.293.0
************************************************************
2012-10-22T08:40:37.392Z Process scan (poststartupscan) started.
Signature updated via MMPC on 10-22-2012 10:40:37
************************************************************
2012-10-22T08:40:39.373Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:39.373Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:41.401Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:41.401Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Signature updated via MMPC on 10-22-2012 10:40:42
************************************************************
2012-10-22T08:40:43.429Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:43.429Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:45.442Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:45.442Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:47.454Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:47.454Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:49.482Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:49.482Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:51.510Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:51.510Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:53.523Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:40:53.523Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T08:43:43.645Z Process scan (poststartupscan) completed.
2012-10-22T08:45:11.239Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-22T08:45:11.239Z Product supports installmode: 1
2012-10-22T08:45:11.239Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T08:45:11.239Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-22-2012 15:54:34
************************************************************
2012-10-22T13:54:34.323Z Trace session started - MpWppTracing-10222012-155434-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80096
Number of invalid entries is 0
Number of Inserts issued is 434798
Number of replaces issued is 0
Number of Insert failures is 52
Number of lookups is 661131
Number of misses is 404763
Number of false fast lookups is 55789
Number of invalidations is 1
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-22T13:54:34.906Z Verifying RTP plugin...
2012-10-22T13:54:34.906Z verified!
2012-10-22T13:54:35.052Z Verifying Nis plugin...
2012-10-22T13:54:35.052Z verified!
2012-10-22T13:54:35.093Z Loading engine...
2012-10-22T13:54:35.097Z Initializing Nis plugin state...
2012-10-22T13:54:35.097Z Nis initialized!
2012-10-22T13:54:35.108Z Verifying engine and signature files (source: 1) ...
2012-10-22T13:54:35.147Z verified!
2012-10-22T13:54:40.028Z Initializing SQM in engine...
2012-10-22T13:54:40.029Z SQM initialized in the engine successfully
2012-10-22T13:54:40.514Z CSignatureStatus: back to good
2012-10-22T13:54:40.514Z Initializing RTP plugin state...
2012-10-22T13:54:40.514Z initialized!
2012-10-22T13:54:40.514Z loaded!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:2,2,0
SetEngine:1,1,0
SetState:1,1,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2576
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:742
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4922
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-22T13:54:40.546Z Verifying license file...
2012-10-22T13:54:40.546Z verified!
2012-10-22T13:54:40.546Z Product supports installmode: 1
2012-10-22T13:54:40.577Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T13:54:40.717Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.293.0
AV Signature Version: 1.139.293.0
************************************************************
2012-10-22T13:54:40.967Z WAT report: machine genuine, state(1) error(0x0)
2012-10-22T13:55:34.451Z Process scan (poststartupscan) started.
2012-10-22T13:55:35.122Z Process scan (poststartupscan) completed.
2012-10-22T13:59:14.037Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T13:59:14.052Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T14:04:40.810Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-22T14:04:40.810Z Product supports installmode: 1
2012-10-22T14:04:41.403Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-22T14:04:41.403Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 36700328(ms)
2012-10-22T14:04:43.353Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T14:04:43.633Z WAT report: machine genuine, state(1) error(0x0)
2012-10-22T14:04:58.095Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-22-2012 16:26:10
************************************************************
2012-10-22T14:26:10.290Z Trace session started - MpWppTracing-10222012-162610-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80105
Number of invalid entries is 0
Number of Inserts issued is 434811
Number of replaces issued is 0
Number of Insert failures is 52
Number of lookups is 686944
Number of misses is 409249
Number of false fast lookups is 56650
Number of invalidations is 4
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-22T14:26:10.461Z Verifying RTP plugin...
2012-10-22T14:26:10.461Z verified!
2012-10-22T14:26:10.586Z Verifying Nis plugin...
2012-10-22T14:26:10.586Z verified!
2012-10-22T14:26:10.617Z Initializing Nis plugin state...
2012-10-22T14:26:10.617Z Nis initialized!
2012-10-22T14:26:10.617Z Loading engine...
2012-10-22T14:26:10.633Z Verifying engine and signature files (source: 1) ...
2012-10-22T14:26:10.664Z verified!
2012-10-22T14:26:16.318Z Initializing SQM in engine...
2012-10-22T14:26:16.318Z SQM initialized in the engine successfully
2012-10-22T14:26:16.443Z CSignatureStatus: back to good
2012-10-22T14:26:16.443Z Initializing RTP plugin state...
2012-10-22T14:26:16.443Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:940
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:12496
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-22T14:26:16.443Z loaded!
2012-10-22T14:26:16.474Z Verifying license file...
2012-10-22T14:26:16.474Z verified!
2012-10-22T14:26:16.474Z Product supports installmode: 1
2012-10-22T14:26:16.490Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T14:26:16.661Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.293.0
AV Signature Version: 1.139.293.0
************************************************************
2012-10-22T14:26:16.973Z WAT report: machine genuine, state(1) error(0x0)
2012-10-22T14:27:10.403Z Process scan (poststartupscan) started.
2012-10-22T14:27:20.216Z Process scan (poststartupscan) completed.
2012-10-22T14:30:18.695Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T14:30:18.710Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-22T14:36:16.655Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-22T14:36:16.655Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 32198757(ms)
2012-10-22T14:36:16.670Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-22T14:36:16.670Z Product supports installmode: 1
2012-10-22T14:36:16.670Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-22T14:36:16.826Z WAT report: machine genuine, state(1) error(0x0)
2012-10-22T14:36:18.012Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-23-2012 07:55:28
************************************************************
2012-10-23T05:55:28.395Z Trace session started - MpWppTracing-10232012-075528-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80117
Number of invalid entries is 0
Number of Inserts issued is 434841
Number of replaces issued is 0
Number of Insert failures is 55
Number of lookups is 711246
Number of misses is 423738
Number of false fast lookups is 58604
Number of invalidations is 17
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-23T05:55:28.972Z Verifying RTP plugin...
2012-10-23T05:55:28.972Z verified!
2012-10-23T05:55:29.065Z Verifying Nis plugin...
2012-10-23T05:55:29.065Z verified!
2012-10-23T05:55:29.097Z Initializing Nis plugin state...
2012-10-23T05:55:29.097Z Nis initialized!
2012-10-23T05:55:29.097Z Loading engine...
2012-10-23T05:55:29.112Z Verifying engine and signature files (source: 1) ...
2012-10-23T05:55:29.123Z verified!
2012-10-23T05:55:31.430Z Initializing SQM in engine...
2012-10-23T05:55:31.430Z SQM initialized in the engine successfully
2012-10-23T05:55:31.565Z CSignatureStatus: back to good
2012-10-23T05:55:31.565Z Initializing RTP plugin state...
2012-10-23T05:55:31.565Z initialized!
2012-10-23T05:55:31.565Z loaded!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:2,2,0
SetEngine:1,1,0
SetState:1,1,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2576
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:760
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4841
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-23T05:55:31.606Z Verifying license file...
2012-10-23T05:55:31.606Z verified!
2012-10-23T05:55:31.606Z Product supports installmode: 1
2012-10-23T05:55:31.648Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T05:55:31.709Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.318.0
AV Signature Version: 1.139.318.0
************************************************************
2012-10-23T05:55:32.085Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T05:56:28.909Z Process scan (poststartupscan) started.
2012-10-23T05:56:29.524Z Process scan (poststartupscan) completed.
2012-10-23T05:59:58.241Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T05:59:58.241Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T06:05:31.735Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-23T06:05:31.735Z Product supports installmode: 1
2012-10-23T06:05:31.735Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T06:05:31.905Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-23T06:05:31.905Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 65238574(ms)
2012-10-23T06:05:31.965Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T06:05:32.955Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
2012-10-23T06:05:32.975Z Trace buffers written: 5, events lost: 0, buffers lost: 0, days: 0
2012-10-23T06:05:32.975Z Task(-UploadSQM -RestrictPrivileges) launched
2012-10-23T06:06:56.213Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-10-23T06:07:10.597Z Verifying engine and signature files (source: 0) ...
2012-10-23T06:07:10.628Z verified!
2012-10-23T06:07:24.600Z Initializing SQM in engine...
2012-10-23T06:07:24.600Z SQM initialized in the engine successfully
2012-10-23T06:07:24.620Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:10-23-2012 07:55:31
Last Perf:10-23-2012 07:55:31
First RTP Scan:10-23-2012 07:55:31
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:1049
Misses:1221
BM Queue:5,638,0
Proc:0,629,0
File:5,86,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,3,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:3663
Pending:1
RegSize:8200
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:843112
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:2860
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:7540
TotalHits:54531
InstanceCacheHits:7
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-23T06:07:24.620Z initialized!
Signature updated on 10-23-2012 08:07:24
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.385.0
AV Signature Version: 1.139.385.0
************************************************************
2012-10-23T06:07:24.630Z Process scan (postsignatureupdatescan) started.
Signature updated via MMPC on 10-23-2012 08:07:24
************************************************************
2012-10-23T06:07:26.633Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T06:07:26.648Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T06:07:32.764Z Process scan (postsignatureupdatescan) completed.
2012-10-23T07:07:19.011Z Task(SpyNetService -RestrictPrivileges -AccessKey 4413D719-F2FE-902F-2EAA-E22D05A43BA6) launched
2012-10-23T07:07:21.289Z DETECTIONEVENT Trojan:WinNT/Sirefef.J file:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta;file:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta;
2012-10-23T07:07:21.289Z DETECTION_ADD Trojan:WinNT/Sirefef.J file:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
2012-10-23T07:07:21.289Z DETECTION_ADD Trojan:WinNT/Sirefef.J file:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Begin Full Scan
Scan ID:{2D094BEA-5F35-40EB-B03A-2A5B0052E553}
Scan Source:2
Start Time:10-23-2012 08:07:59
End Time:10-23-2012 09:07:21
Result Count:1
Threat Name:Trojan:WinNT/Sirefef.J
ID:2147651153
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Extended Info:198428502597201
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Extended Info:198428502597201
End Scan
************************************************************
Begin Resource Scan
Scan ID:{E976D93E-5D94-4988-878C-11C593D1B6EF}
Scan Source:6
Start Time:10-23-2012 09:09:32
End Time:10-23-2012 09:09:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Explicit resource to scan
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Result Count:1
Threat Name:Trojan:WinNT/Sirefef.J
ID:2147651153
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Extended Info:198428502597201
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Extended Info:198428502597201
End Scan
************************************************************
Beginning threat actions
Start time:10-23-2012 09:09:43
Threat Name:Trojan:WinNT/Sirefef.J
Threat ID:2147651153
Action:remove
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:1260
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:1260
!ERROR
Finished threat ID:2147651153
Threat result:1260
Threat status flags:1
Finished threat actions
End time:10-23-2012 09:09:43
Result:0
Beginning threat actions
Start time:10-23-2012 09:09:43
Threat Name:Trojan:WinNT/Sirefef.J
Threat ID:2147651153
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:0
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:1260
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Threat ID:2147651153
Resource refcount:1
Result:1260
Action restore successful on file:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Restored resource
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta
Result:0
Action restore successful on file:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Restored resource
Schema:file
Path:\\?\C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta
Result:0
!ERROR
Finished threat ID:2147651153
Threat result:1260
Threat status flags:1
Finished threat actions
End time:10-23-2012 09:09:43
Result:0
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{5C8B6562-4853-47BB-B844-4CFD2F87AC94}
Scan Source:7
Start Time:10-23-2012 09:09:49
End Time:10-23-2012 09:10:17
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\media\Desktop\ComboFix.exe
Explicit resource to scan
Resource Schema:webfile
Resource Path:C:\Users\media\Desktop\ComboFix.exe|hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe
Result Count:1
Known File
Number of Resources:43
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-zip.3XE)
Extended Info:35874228808723
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_78.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_77.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_76.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_75.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_74.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_73.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_72.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_71.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_70.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2062.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2061.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2060.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2059.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2058.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2057.dat
Extended Info:35872938128285
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-tail.3XE)
Extended Info:35872753132949
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-swxcacls.3XE)
Extended Info:35873857938707
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-swsc.3XE)
Extended Info:35872419590621
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-swreg.3XE)
Extended Info:35875489031665
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-streamtools.zip)->SF.exe
Extended Info:35872676068749
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-sed.3XE)
Extended Info:35874606311326
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-s0rt.3XE)
Extended Info:35872142884299
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-pev.3XE)
Extended Info:35874998851487
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWKeywordLinks/Property
Extended Info:35871963681930
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWAssociativeLinks/Property
Extended Info:35871963681930
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$FIftiMain
Extended Info:35872925223583
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/#ITBITS
Extended Info:35872925223583
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-mynul.dat)
Extended Info:35872925223583
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-hidec.3XE)
Extended Info:35871981075714
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-gsar.3XE)
Extended Info:35875104298964
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-grep.3XE)
Extended Info:35872805577254
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-extract.3XE)
Extended Info:35872707659250
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-ERUNT.3XE)
Extended Info:35873461929661
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-ERDNT.e_e)
Extended Info:35873508591023
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-dumphive.3XE)
Extended Info:35874902857435
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-ComboFix-Download.3XE)
Extended Info:35872282556998
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-catchme.3XE)
Extended Info:35872804174618
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-$(PLUGINSDIR)\UserInfo.dll)
Extended Info:35874870804651
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-$(PLUGINSDIR)\System.dll)
Extended Info:35874742221692
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-$(PLUGINSDIR)\NSISdl.dll)
Extended Info:35875207094384
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-$(PLUGINSDIR)\nsExec.dll)
Extended Info:35875531514441
Resource Schema:file
Resource Path:C:\Users\media\Desktop\ComboFix.exe->(UPX)->(nsis-6-$(PLUGINSDIR)\Banner.dll)
Extended Info:35874548950418
End Scan
************************************************************
BEGIN BM detection
GUID:{4F6E7B59-6760-254A-D194A59A11D8E775}
DetectionName:Behavior:Win32/CreateSuspiciousProgramName
SignatureID:23860401911995
ProcessID:9888
SessionID:1
CreationTime:10-23-2012 09:10:22
ImagePath:C:\Users\media\Desktop\ComboFix.exe
TargetFileName:C:\32788R22FWJFW\iexplore.exe
END BM detection
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{F786B52D-70AA-4B89-AB7D-76F8294A9B55}
Scan Source:7
Start Time:10-23-2012 09:10:33
End Time:10-23-2012 09:10:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\32788R22FWJFW\catchme.3XE->(UPX)
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\32788R22FWJFW\catchme.3XE
Extended Info:35872804174618
End Scan
************************************************************
BEGIN BM detection
GUID:{EE6A2914-080A-16A5-1B495C08718A3108}
DetectionName:Behavior:Win32/CreateSuspiciousProgramName
SignatureID:23860401911995
ProcessID:9964
SessionID:1
CreationTime:10-23-2012 09:10:38
ImagePath:C:\32788R22FWJFW\cmd.3XE
TargetFileName:C:\ComboFix\en-US\iexplore.exe
END BM detection
DSS Timeout:Received results after timeout
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On 10-23-2012 09:20:58 (Exit Code = 0x0)
************************************************************
****************************RTP Perf Log***************************
RTP Start:10-23-2012 08:07:24
Last Perf:10-23-2012 08:07:24
First RTP Scan:10-23-2012 08:07:24
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:3474
Misses:2000
BM Queue:7,9534,0
Proc:2,9533,0
File:5,343,0
Plugin Queue:0,1,0
Threat:0,1,0
Susp:0,1,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:19656
Pending:0
RegSize:9664
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:7521086
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:12123
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:364592
TotalHits:98685
InstanceCacheHits:47
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-23-2012 09:22:06
************************************************************
2012-10-23T07:22:06.809Z Trace session started - MpWppTracing-10232012-092206-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80120
Number of invalid entries is 0
Number of Inserts issued is 434858
Number of replaces issued is 0
Number of Insert failures is 58
Number of lookups is 730530
Number of misses is 433538
Number of false fast lookups is 60215
Number of invalidations is 28
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-23T07:22:06.934Z Verifying RTP plugin...
2012-10-23T07:22:06.934Z verified!
2012-10-23T07:22:06.996Z Verifying Nis plugin...
2012-10-23T07:22:06.996Z verified!
2012-10-23T07:22:07.215Z Initializing Nis plugin state...
2012-10-23T07:22:07.215Z Nis initialized!
2012-10-23T07:22:07.215Z Loading engine...
2012-10-23T07:22:07.215Z Verifying engine and signature files (source: 1) ...
2012-10-23T07:22:07.246Z verified!
2012-10-23T07:22:10.689Z Initializing SQM in engine...
2012-10-23T07:22:10.689Z SQM initialized in the engine successfully
2012-10-23T07:22:10.744Z CSignatureStatus: back to good
2012-10-23T07:22:10.744Z Initializing RTP plugin state...
2012-10-23T07:22:10.744Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2576
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:750
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4006
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-23T07:22:10.745Z loaded!
2012-10-23T07:22:10.781Z Verifying license file...
2012-10-23T07:22:10.781Z verified!
2012-10-23T07:22:10.781Z Product supports installmode: 1
2012-10-23T07:22:10.799Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T07:22:11.183Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.385.0
AV Signature Version: 1.139.385.0
************************************************************
2012-10-23T07:22:13.779Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T07:23:06.950Z Process scan (poststartupscan) started.
2012-10-23T07:23:07.886Z Process scan (poststartupscan) completed.
2012-10-23T07:26:34.437Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T07:26:34.453Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T07:32:11.226Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-23T07:32:11.226Z Product supports installmode: 1
2012-10-23T07:32:11.226Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T07:32:11.382Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-23T07:32:11.382Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 59038413(ms)
2012-10-23T07:32:11.428Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T07:32:13.098Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-23-2012 20:17:33
************************************************************
2012-10-23T18:17:33.967Z Trace session started - MpWppTracing-10232012-201733-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80116
Number of invalid entries is 0
Number of Inserts issued is 434878
Number of replaces issued is 0
Number of Insert failures is 58
Number of lookups is 741732
Number of misses is 440305
Number of false fast lookups is 61375
Number of invalidations is 51
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-23T18:17:34.014Z Verifying RTP plugin...
2012-10-23T18:17:34.014Z verified!
2012-10-23T18:17:34.263Z Verifying Nis plugin...
2012-10-23T18:17:34.263Z verified!
2012-10-23T18:17:34.263Z Initializing Nis plugin state...
2012-10-23T18:17:34.263Z Nis initialized!
2012-10-23T18:17:34.263Z Loading engine...
2012-10-23T18:17:34.279Z Verifying engine and signature files (source: 1) ...
2012-10-23T18:17:34.294Z verified!
2012-10-23T18:17:37.370Z Initializing SQM in engine...
2012-10-23T18:17:37.370Z SQM initialized in the engine successfully
2012-10-23T18:17:37.405Z CSignatureStatus: back to good
2012-10-23T18:17:37.405Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:705
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3441
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-23T18:17:37.405Z initialized!
2012-10-23T18:17:37.405Z loaded!
2012-10-23T18:17:37.411Z Verifying license file...
2012-10-23T18:17:37.411Z verified!
2012-10-23T18:17:37.411Z Product supports installmode: 1
2012-10-23T18:17:37.441Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T18:17:37.444Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.385.0
AV Signature Version: 1.139.385.0
************************************************************
2012-10-23T18:17:39.862Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T18:18:33.980Z Process scan (poststartupscan) started.
2012-10-23T18:18:35.252Z Process scan (poststartupscan) completed.
2012-10-23T18:21:59.881Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T18:21:59.888Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-23T18:27:37.445Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-23T18:27:37.445Z Product supports installmode: 1
2012-10-23T18:27:37.446Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-23T18:27:37.625Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-23T18:27:37.625Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 21747215(ms)
2012-10-23T18:27:37.645Z WAT report: machine genuine, state(1) error(0x0)
2012-10-23T18:27:39.909Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-24-2012 16:20:55
************************************************************
2012-10-24T14:20:55.308Z Trace session started - MpWppTracing-10242012-162055-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80115
Number of invalid entries is 0
Number of Inserts issued is 434897
Number of replaces issued is 0
Number of Insert failures is 58
Number of lookups is 749821
Number of misses is 446985
Number of false fast lookups is 62319
Number of invalidations is 71
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-24T14:20:55.355Z Verifying RTP plugin...
2012-10-24T14:20:55.355Z verified!
2012-10-24T14:20:55.542Z Verifying Nis plugin...
2012-10-24T14:20:55.542Z verified!
2012-10-24T14:20:55.558Z Initializing Nis plugin state...
2012-10-24T14:20:55.558Z Nis initialized!
2012-10-24T14:20:55.558Z Loading engine...
2012-10-24T14:20:55.558Z Verifying engine and signature files (source: 1) ...
2012-10-24T14:20:55.589Z verified!
2012-10-24T14:20:57.952Z Initializing SQM in engine...
2012-10-24T14:20:57.953Z SQM initialized in the engine successfully
2012-10-24T14:20:59.396Z CSignatureStatus: back to good
2012-10-24T14:20:59.396Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:703
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3481
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-24T14:20:59.399Z initialized!
2012-10-24T14:20:59.399Z loaded!
2012-10-24T14:20:59.434Z Verifying license file...
2012-10-24T14:20:59.434Z verified!
2012-10-24T14:20:59.434Z Product supports installmode: 1
2012-10-24T14:20:59.764Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-24T14:20:59.766Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.385.0
AV Signature Version: 1.139.385.0
************************************************************
2012-10-24T14:21:01.523Z WAT report: machine genuine, state(1) error(0x0)
2012-10-24T14:21:55.356Z Process scan (poststartupscan) started.
2012-10-24T14:21:56.448Z Process scan (poststartupscan) completed.
2012-10-24T14:25:24.940Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-24T14:25:24.940Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-24T14:30:59.811Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-24T14:30:59.811Z Product supports installmode: 1
2012-10-24T14:30:59.920Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-24T14:30:59.920Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 32764695(ms)
2012-10-24T14:30:59.982Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-24T14:31:00.247Z WAT report: machine genuine, state(1) error(0x0)
2012-10-24T14:31:03.071Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-24-2012 20:09:14
************************************************************
2012-10-24T18:09:14.702Z Trace session started - MpWppTracing-10242012-200914-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80120
Number of invalid entries is 0
Number of Inserts issued is 434911
Number of replaces issued is 0
Number of Insert failures is 61
Number of lookups is 760033
Number of misses is 454429
Number of false fast lookups is 63527
Number of invalidations is 80
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-24T18:09:14.733Z Verifying RTP plugin...
2012-10-24T18:09:14.733Z verified!
2012-10-24T18:09:14.858Z Verifying Nis plugin...
2012-10-24T18:09:14.858Z verified!
2012-10-24T18:09:14.904Z Initializing Nis plugin state...
2012-10-24T18:09:14.904Z Nis initialized!
2012-10-24T18:09:14.904Z Loading engine...
2012-10-24T18:09:14.904Z Verifying engine and signature files (source: 1) ...
2012-10-24T18:09:14.936Z verified!
2012-10-24T18:09:17.354Z Initializing SQM in engine...
2012-10-24T18:09:17.354Z SQM initialized in the engine successfully
2012-10-24T18:09:17.400Z CSignatureStatus: back to good
2012-10-24T18:09:17.400Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:699
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:2889
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-24T18:09:17.400Z initialized!
2012-10-24T18:09:17.400Z loaded!
2012-10-24T18:09:17.400Z Verifying license file...
2012-10-24T18:09:17.400Z verified!
2012-10-24T18:09:17.400Z Product supports installmode: 1
2012-10-24T18:09:17.416Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-24T18:09:17.416Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.500.0
AV Signature Version: 1.139.500.0
************************************************************
2012-10-24T18:09:20.348Z WAT report: machine genuine, state(1) error(0x0)
2012-10-24T18:10:14.705Z Process scan (poststartupscan) started.
2012-10-24T18:10:15.414Z Process scan (poststartupscan) completed.
2012-10-24T18:13:38.298Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-24T18:13:38.305Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-24T18:19:17.387Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-24T18:19:17.387Z Product supports installmode: 1
2012-10-24T18:19:17.388Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-24T18:19:17.565Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-24T18:19:17.565Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 19123361(ms)
2012-10-24T18:19:17.630Z WAT report: machine genuine, state(1) error(0x0)
2012-10-24T18:19:18.751Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-25-2012 08:04:14
************************************************************
2012-10-25T06:04:14.404Z Trace session started - MpWppTracing-10252012-080414-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80123
Number of invalid entries is 0
Number of Inserts issued is 434917
Number of replaces issued is 0
Number of Insert failures is 61
Number of lookups is 768713
Number of misses is 461558
Number of false fast lookups is 64587
Number of invalidations is 81
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-25T06:04:14.435Z Verifying RTP plugin...
2012-10-25T06:04:14.435Z verified!
2012-10-25T06:04:14.466Z Verifying Nis plugin...
2012-10-25T06:04:14.466Z verified!
2012-10-25T06:04:14.544Z Initializing Nis plugin state...
2012-10-25T06:04:14.544Z Nis initialized!
2012-10-25T06:04:14.544Z Loading engine...
2012-10-25T06:04:14.622Z Verifying engine and signature files (source: 1) ...
2012-10-25T06:04:14.653Z verified!
2012-10-25T06:04:17.290Z Initializing SQM in engine...
2012-10-25T06:04:17.290Z SQM initialized in the engine successfully
2012-10-25T06:04:17.850Z CSignatureStatus: back to good
2012-10-25T06:04:17.850Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:574
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:707
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3119
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-25T06:04:17.850Z initialized!
2012-10-25T06:04:17.851Z loaded!
2012-10-25T06:04:17.856Z Verifying license file...
2012-10-25T06:04:17.856Z verified!
2012-10-25T06:04:17.856Z Product supports installmode: 1
2012-10-25T06:04:17.861Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-25T06:04:17.864Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.500.0
AV Signature Version: 1.139.500.0
************************************************************
2012-10-25T06:04:20.255Z WAT report: machine genuine, state(1) error(0x0)
2012-10-25T06:05:14.433Z Process scan (poststartupscan) started.
2012-10-25T06:05:15.416Z Process scan (poststartupscan) completed.
2012-10-25T06:08:40.663Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-25T06:08:40.679Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{67C9E11A-6F62-4C05-8B01-979870D28196}
Scan Source:7
Start Time:10-25-2012 08:10:19
End Time:10-25-2012 08:10:20
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\32788R22FWJFW\catchme.3XE->(UPX)
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\32788R22FWJFW\catchme.3XE
Extended Info:35872804174618
End Scan
************************************************************
BEGIN BM detection
GUID:{30769DF4-798B-FA1E-4D5641AF0129556D}
DetectionName:Behavior:Win32/CreateSuspiciousProgramName
SignatureID:23860401911995
ProcessID:4996
SessionID:1
CreationTime:10-25-2012 08:10:22
ImagePath:C:\Users\media\Desktop\ComboFix.exe
TargetFileName:C:\32788R22FWJFW\iexplore.exe
END BM detection
BEGIN BM detection
GUID:{549260C0-729A-4C79-23ACEE819AE69627}
DetectionName:Behavior:Win32/CreateSuspiciousProgramName
SignatureID:23860401911995
ProcessID:5400
SessionID:1
CreationTime:10-25-2012 08:11:04
ImagePath:C:\Users\media\Desktop\ComboFix.exe
TargetFileName:C:\32788R22FWJFW\iexplore.exe
END BM detection
BEGIN BM detection
GUID:{8F7D90FB-7832-7901-B27B771FB4A9D251}
DetectionName:Behavior:Win32/CreateSuspiciousProgramName
SignatureID:23860401911995
ProcessID:3120
SessionID:1
CreationTime:10-25-2012 08:11:21
ImagePath:C:\32788R22FWJFW\cmd.3XE
TargetFileName:C:\ComboFix\en-US\iexplore.exe
END BM detection
2012-10-25T06:14:17.905Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-25T06:14:17.905Z Product supports installmode: 1
2012-10-25T06:14:17.905Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-25T06:14:18.076Z WAT report: machine genuine, state(1) error(0x0)
2012-10-25T06:14:18.310Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-25T06:14:18.310Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 64461677(ms)
2012-10-25T06:14:23.926Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-25-2012 18:08:20
************************************************************
2012-10-25T16:08:20.870Z Trace session started - MpWppTracing-10252012-180820-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80124
Number of invalid entries is 0
Number of Inserts issued is 434920
Number of replaces issued is 0
Number of Insert failures is 61
Number of lookups is 784300
Number of misses is 472246
Number of false fast lookups is 66159
Number of invalidations is 83
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-25T16:08:20.901Z Verifying RTP plugin...
2012-10-25T16:08:20.901Z verified!
2012-10-25T16:08:20.964Z Verifying Nis plugin...
2012-10-25T16:08:20.964Z verified!
2012-10-25T16:08:20.964Z Initializing Nis plugin state...
2012-10-25T16:08:20.964Z Nis initialized!
2012-10-25T16:08:20.964Z Loading engine...
2012-10-25T16:08:21.042Z Verifying engine and signature files (source: 1) ...
2012-10-25T16:08:21.057Z verified!
2012-10-25T16:08:23.720Z Initializing SQM in engine...
2012-10-25T16:08:23.720Z SQM initialized in the engine successfully
2012-10-25T16:08:24.426Z CSignatureStatus: back to good
2012-10-25T16:08:24.426Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:728
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3271
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-25T16:08:24.427Z initialized!
2012-10-25T16:08:24.427Z loaded!
2012-10-25T16:08:25.401Z Verifying license file...
2012-10-25T16:08:25.401Z verified!
2012-10-25T16:08:25.401Z Product supports installmode: 1
2012-10-25T16:08:25.407Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-25T16:08:25.410Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.500.0
AV Signature Version: 1.139.500.0
************************************************************
2012-10-25T16:08:26.719Z WAT report: machine genuine, state(1) error(0x0)
2012-10-25T16:09:20.903Z Process scan (poststartupscan) started.
2012-10-25T16:09:21.511Z Process scan (poststartupscan) completed.
2012-10-25T16:12:51.751Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-25T16:12:51.757Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-25T16:18:25.410Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-25T16:18:25.410Z Product supports installmode: 1
2012-10-25T16:18:25.411Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-25T16:18:25.605Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-25T16:18:25.605Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 26310543(ms)
2012-10-25T16:18:25.657Z WAT report: machine genuine, state(1) error(0x0)
2012-10-25T16:18:27.672Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-26-2012 10:29:12
************************************************************
2012-10-26T08:29:12.683Z Trace session started - MpWppTracing-10262012-102912-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80140
Number of invalid entries is 0
Number of Inserts issued is 434965
Number of replaces issued is 0
Number of Insert failures is 64
Number of lookups is 795254
Number of misses is 480431
Number of false fast lookups is 67465
Number of invalidations is 108
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-26T08:29:12.979Z Verifying RTP plugin...
2012-10-26T08:29:12.979Z verified!
2012-10-26T08:29:13.026Z Verifying Nis plugin...
2012-10-26T08:29:13.026Z verified!
2012-10-26T08:29:13.354Z Initializing Nis plugin state...
2012-10-26T08:29:13.354Z Nis initialized!
2012-10-26T08:29:13.354Z Loading engine...
2012-10-26T08:29:13.354Z Verifying engine and signature files (source: 1) ...
2012-10-26T08:29:13.385Z verified!
2012-10-26T08:29:16.224Z Initializing SQM in engine...
2012-10-26T08:29:16.224Z SQM initialized in the engine successfully
2012-10-26T08:29:16.928Z CSignatureStatus: back to good
2012-10-26T08:29:16.928Z Initializing RTP plugin state...
2012-10-26T08:29:16.928Z initialized!
2012-10-26T08:29:16.928Z loaded!
2012-10-26T08:29:16.933Z Verifying license file...
2012-10-26T08:29:16.933Z verified!
2012-10-26T08:29:16.933Z Product supports installmode: 1
2012-10-26T08:29:16.938Z Task(-GenuineCheck -RestrictPrivileges) launched
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:2,2,0
SetEngine:1,1,0
SetState:1,1,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:718
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3300
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-26T08:29:16.942Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.572.0
AV Signature Version: 1.139.572.0
************************************************************
2012-10-26T08:29:18.643Z WAT report: machine genuine, state(1) error(0x0)
2012-10-26T08:30:12.964Z Process scan (poststartupscan) started.
2012-10-26T08:30:14.197Z Process scan (poststartupscan) completed.
2012-10-26T08:33:43.672Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-26T08:33:43.681Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-26T08:39:16.943Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-26T08:39:16.943Z Product supports installmode: 1
2012-10-26T08:39:16.944Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-26T08:39:17.188Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-26T08:39:17.188Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 55271848(ms)
2012-10-26T08:39:17.222Z WAT report: machine genuine, state(1) error(0x0)
2012-10-26T08:39:20.593Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-26-2012 11:15:03
************************************************************
2012-10-26T09:15:03.906Z Trace session started - MpWppTracing-10262012-111503-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80142
Number of invalid entries is 0
Number of Inserts issued is 434968
Number of replaces issued is 0
Number of Insert failures is 64
Number of lookups is 801336
Number of misses is 485044
Number of false fast lookups is 68172
Number of invalidations is 109
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-26T09:15:03.937Z Verifying RTP plugin...
2012-10-26T09:15:03.937Z verified!
2012-10-26T09:15:03.953Z Verifying Nis plugin...
2012-10-26T09:15:03.953Z verified!
2012-10-26T09:15:03.953Z Initializing Nis plugin state...
2012-10-26T09:15:03.953Z Nis initialized!
2012-10-26T09:15:03.953Z Loading engine...
2012-10-26T09:15:03.953Z Verifying engine and signature files (source: 1) ...
2012-10-26T09:15:03.984Z verified!
2012-10-26T09:15:08.689Z Initializing SQM in engine...
2012-10-26T09:15:08.690Z SQM initialized in the engine successfully
2012-10-26T09:15:08.728Z CSignatureStatus: back to good
2012-10-26T09:15:08.728Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2576
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:756
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4737
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-26T09:15:08.728Z initialized!
2012-10-26T09:15:08.728Z loaded!
2012-10-26T09:15:08.749Z Verifying license file...
2012-10-26T09:15:08.749Z verified!
2012-10-26T09:15:08.749Z Product supports installmode: 1
2012-10-26T09:15:08.755Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-26T09:15:08.757Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.572.0
AV Signature Version: 1.139.572.0
************************************************************
2012-10-26T09:15:08.987Z WAT report: machine genuine, state(1) error(0x0)
2012-10-26T09:16:03.925Z Process scan (poststartupscan) started.
2012-10-26T09:16:04.605Z Process scan (poststartupscan) completed.
2012-10-26T09:19:26.604Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-26T09:19:26.620Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-26T09:25:08.790Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-26T09:25:08.790Z Product supports installmode: 1
2012-10-26T09:25:08.790Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-26T09:25:08.962Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-26T09:25:08.962Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 51636817(ms)
2012-10-26T09:25:08.993Z WAT report: machine genuine, state(1) error(0x0)
2012-10-26T09:25:11.520Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-27-2012 10:17:10
************************************************************
2012-10-27T08:17:10.856Z Trace session started - MpWppTracing-10272012-101710-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80145
Number of invalid entries is 0
Number of Inserts issued is 434972
Number of replaces issued is 0
Number of Insert failures is 64
Number of lookups is 810639
Number of misses is 492710
Number of false fast lookups is 69271
Number of invalidations is 110
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-27T08:17:10.903Z Verifying RTP plugin...
2012-10-27T08:17:10.903Z verified!
2012-10-27T08:17:10.918Z Verifying Nis plugin...
2012-10-27T08:17:10.918Z verified!
2012-10-27T08:17:10.918Z Initializing Nis plugin state...
2012-10-27T08:17:10.918Z Nis initialized!
2012-10-27T08:17:10.918Z Loading engine...
2012-10-27T08:17:10.918Z Verifying engine and signature files (source: 1) ...
2012-10-27T08:17:10.965Z verified!
2012-10-27T08:17:13.730Z Initializing SQM in engine...
2012-10-27T08:17:13.730Z SQM initialized in the engine successfully
2012-10-27T08:17:13.777Z CSignatureStatus: back to good
2012-10-27T08:17:13.777Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:574
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:735
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3276
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-27T08:17:13.777Z initialized!
2012-10-27T08:17:13.778Z loaded!
2012-10-27T08:17:13.784Z Verifying license file...
2012-10-27T08:17:13.784Z verified!
2012-10-27T08:17:13.784Z Product supports installmode: 1
2012-10-27T08:17:13.806Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T08:17:13.809Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.572.0
AV Signature Version: 1.139.572.0
************************************************************
2012-10-27T08:17:14.822Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T08:18:10.895Z Process scan (poststartupscan) started.
2012-10-27T08:18:11.487Z Process scan (poststartupscan) completed.
2012-10-27T08:21:41.684Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T08:21:41.701Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T08:27:13.809Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-27T08:27:13.809Z Product supports installmode: 1
2012-10-27T08:27:13.812Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T08:27:13.932Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-27T08:27:13.932Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 55972258(ms)
2012-10-27T08:27:14.082Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T08:27:30.103Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-27-2012 12:14:34
************************************************************
2012-10-27T10:14:34.968Z Trace session started - MpWppTracing-10272012-121434-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80146
Number of invalid entries is 0
Number of Inserts issued is 434974
Number of replaces issued is 0
Number of Insert failures is 64
Number of lookups is 818161
Number of misses is 498559
Number of false fast lookups is 70138
Number of invalidations is 111
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-27T10:14:35.000Z Verifying RTP plugin...
2012-10-27T10:14:35.000Z verified!
2012-10-27T10:14:35.015Z Verifying Nis plugin...
2012-10-27T10:14:35.015Z verified!
2012-10-27T10:14:35.374Z Initializing Nis plugin state...
2012-10-27T10:14:35.374Z Nis initialized!
2012-10-27T10:14:35.374Z Loading engine...
2012-10-27T10:14:35.405Z Verifying engine and signature files (source: 1) ...
2012-10-27T10:14:35.405Z verified!
2012-10-27T10:14:39.724Z Initializing SQM in engine...
2012-10-27T10:14:39.725Z SQM initialized in the engine successfully
2012-10-27T10:14:39.736Z CSignatureStatus: back to good
2012-10-27T10:14:39.736Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2576
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:759
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4865
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-27T10:14:39.737Z initialized!
2012-10-27T10:14:39.737Z loaded!
2012-10-27T10:14:39.742Z Verifying license file...
2012-10-27T10:14:39.743Z verified!
2012-10-27T10:14:39.743Z Product supports installmode: 1
2012-10-27T10:14:39.824Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T10:14:39.827Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.572.0
AV Signature Version: 1.139.572.0
************************************************************
2012-10-27T10:14:40.025Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T10:15:34.971Z Process scan (poststartupscan) started.
2012-10-27T10:15:35.646Z Process scan (poststartupscan) completed.
2012-10-27T10:18:56.175Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T10:18:56.181Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T10:24:39.827Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-27T10:24:39.827Z Product supports installmode: 1
2012-10-27T10:24:39.828Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T10:24:39.984Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-27T10:24:39.985Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 47274013(ms)
2012-10-27T10:24:40.059Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T10:24:42.626Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-27-2012 14:11:24
************************************************************
2012-10-27T12:11:24.388Z Trace session started - MpWppTracing-10272012-141124-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80151
Number of invalid entries is 0
Number of Inserts issued is 434986
Number of replaces issued is 0
Number of Insert failures is 67
Number of lookups is 825516
Number of misses is 503580
Number of false fast lookups is 70898
Number of invalidations is 118
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-27T12:11:24.528Z Verifying RTP plugin...
2012-10-27T12:11:24.528Z verified!
2012-10-27T12:11:24.528Z Verifying Nis plugin...
2012-10-27T12:11:24.528Z verified!
2012-10-27T12:11:24.544Z Initializing Nis plugin state...
2012-10-27T12:11:24.544Z Nis initialized!
2012-10-27T12:11:24.544Z Loading engine...
2012-10-27T12:11:24.544Z Verifying engine and signature files (source: 1) ...
2012-10-27T12:11:24.591Z verified!
2012-10-27T12:11:27.598Z Initializing SQM in engine...
2012-10-27T12:11:27.598Z SQM initialized in the engine successfully
2012-10-27T12:11:27.637Z CSignatureStatus: back to good
2012-10-27T12:11:27.637Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:707
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3260
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-27T12:11:27.637Z initialized!
2012-10-27T12:11:27.638Z loaded!
2012-10-27T12:11:27.651Z Verifying license file...
2012-10-27T12:11:27.651Z verified!
2012-10-27T12:11:27.651Z Product supports installmode: 1
2012-10-27T12:11:27.689Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T12:11:27.692Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.712.0
AV Signature Version: 1.139.712.0
************************************************************
2012-10-27T12:11:28.689Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T12:12:24.464Z Process scan (poststartupscan) started.
2012-10-27T12:12:25.167Z Process scan (poststartupscan) completed.
2012-10-27T12:15:47.719Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T12:15:47.726Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T12:21:27.693Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-27T12:21:27.693Z Product supports installmode: 1
2012-10-27T12:21:27.694Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T12:21:27.891Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-27T12:21:27.891Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 43207260(ms)
2012-10-27T12:21:27.925Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T12:21:31.131Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-27-2012 20:33:24
************************************************************
2012-10-27T18:33:24.684Z Trace session started - MpWppTracing-10272012-203324-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80160
Number of invalid entries is 0
Number of Inserts issued is 434995
Number of replaces issued is 0
Number of Insert failures is 67
Number of lookups is 832882
Number of misses is 509488
Number of false fast lookups is 71764
Number of invalidations is 118
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-27T18:33:24.778Z Verifying RTP plugin...
2012-10-27T18:33:24.778Z verified!
2012-10-27T18:33:24.778Z Verifying Nis plugin...
2012-10-27T18:33:24.794Z verified!
2012-10-27T18:33:24.794Z Initializing Nis plugin state...
2012-10-27T18:33:24.794Z Nis initialized!
2012-10-27T18:33:24.794Z Loading engine...
2012-10-27T18:33:24.794Z Verifying engine and signature files (source: 1) ...
2012-10-27T18:33:24.856Z verified!
2012-10-27T18:33:27.757Z Initializing SQM in engine...
2012-10-27T18:33:27.757Z SQM initialized in the engine successfully
2012-10-27T18:33:29.796Z CSignatureStatus: back to good
2012-10-27T18:33:29.796Z Initializing RTP plugin state...
2012-10-27T18:33:29.796Z initialized!
2012-10-27T18:33:29.796Z loaded!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:2,2,0
SetEngine:1,1,0
SetState:1,1,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:755
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:4860
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-27T18:33:30.456Z Verifying license file...
2012-10-27T18:33:30.456Z verified!
2012-10-27T18:33:30.456Z Product supports installmode: 1
2012-10-27T18:33:30.462Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T18:33:30.466Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.712.0
AV Signature Version: 1.139.712.0
************************************************************
2012-10-27T18:33:30.688Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T18:34:24.749Z Process scan (poststartupscan) started.
2012-10-27T18:34:25.373Z Process scan (poststartupscan) completed.
2012-10-27T18:37:56.132Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T18:37:56.147Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-27T18:43:30.502Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-27T18:43:30.502Z Product supports installmode: 1
2012-10-27T18:43:30.502Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-27T18:43:30.689Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-27T18:43:30.689Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 19804398(ms)
2012-10-27T18:43:30.705Z WAT report: machine genuine, state(1) error(0x0)
2012-10-27T18:43:34.215Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-28-2012 09:20:18
************************************************************
2012-10-28T08:20:18.639Z Trace session started - MpWppTracing-10282012-092018-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80166
Number of invalid entries is 0
Number of Inserts issued is 435018
Number of replaces issued is 0
Number of Insert failures is 70
Number of lookups is 846278
Number of misses is 516658
Number of false fast lookups is 73011
Number of invalidations is 135
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-28T08:20:18.717Z Verifying RTP plugin...
2012-10-28T08:20:18.717Z verified!
2012-10-28T08:20:18.733Z Verifying Nis plugin...
2012-10-28T08:20:18.733Z verified!
2012-10-28T08:20:18.733Z Initializing Nis plugin state...
2012-10-28T08:20:18.733Z Nis initialized!
2012-10-28T08:20:18.733Z Loading engine...
2012-10-28T08:20:18.733Z Verifying engine and signature files (source: 1) ...
2012-10-28T08:20:18.780Z verified!
2012-10-28T08:20:21.198Z Initializing SQM in engine...
2012-10-28T08:20:21.198Z SQM initialized in the engine successfully
2012-10-28T08:20:21.260Z CSignatureStatus: back to good
2012-10-28T08:20:21.260Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:722
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:2810
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-28T08:20:21.260Z initialized!
2012-10-28T08:20:21.260Z loaded!
2012-10-28T08:20:21.276Z Verifying license file...
2012-10-28T08:20:21.276Z verified!
2012-10-28T08:20:21.276Z Product supports installmode: 1
2012-10-28T08:20:21.729Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-28T08:20:21.729Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.745.0
AV Signature Version: 1.139.745.0
************************************************************
2012-10-28T08:20:22.849Z WAT report: machine genuine, state(1) error(0x0)
2012-10-28T08:21:18.716Z Process scan (poststartupscan) started.
2012-10-28T08:21:19.418Z Process scan (poststartupscan) completed.
2012-10-28T08:24:41.868Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-28T08:24:41.875Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-28T08:30:21.715Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-28T08:30:21.715Z Product supports installmode: 1
2012-10-28T08:30:21.716Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-28T08:30:21.880Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-28T08:30:21.880Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 60049860(ms)
2012-10-28T08:30:21.924Z WAT report: machine genuine, state(1) error(0x0)
2012-10-28T08:30:25.897Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-28-2012 19:47:29
************************************************************
2012-10-28T18:47:29.234Z Trace session started - MpWppTracing-10282012-194729-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80167
Number of invalid entries is 0
Number of Inserts issued is 435019
Number of replaces issued is 0
Number of Insert failures is 70
Number of lookups is 856124
Number of misses is 523122
Number of false fast lookups is 74122
Number of invalidations is 135
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-28T18:47:29.296Z Verifying RTP plugin...
2012-10-28T18:47:29.296Z verified!
2012-10-28T18:47:29.530Z Verifying Nis plugin...
2012-10-28T18:47:29.530Z verified!
2012-10-28T18:47:29.546Z Initializing Nis plugin state...
2012-10-28T18:47:29.546Z Nis initialized!
2012-10-28T18:47:29.546Z Loading engine...
2012-10-28T18:47:29.546Z Verifying engine and signature files (source: 1) ...
2012-10-28T18:47:29.546Z verified!
2012-10-28T18:47:30.995Z Initializing SQM in engine...
2012-10-28T18:47:30.995Z SQM initialized in the engine successfully
2012-10-28T18:47:31.030Z CSignatureStatus: back to good
2012-10-28T18:47:31.030Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2290
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:731
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3358
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-28T18:47:31.031Z initialized!
2012-10-28T18:47:31.031Z loaded!
2012-10-28T18:47:31.152Z Verifying license file...
2012-10-28T18:47:31.152Z verified!
2012-10-28T18:47:31.152Z Product supports installmode: 1
2012-10-28T18:47:31.640Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-28T18:47:31.644Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.745.0
AV Signature Version: 1.139.745.0
************************************************************
2012-10-28T18:47:32.859Z WAT report: machine genuine, state(1) error(0x0)
2012-10-28T18:48:29.229Z Process scan (poststartupscan) started.
2012-10-28T18:48:29.945Z Process scan (poststartupscan) completed.
2012-10-28T18:51:46.038Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-28T18:51:46.044Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-28T18:57:31.645Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-28T18:57:31.645Z Product supports installmode: 1
2012-10-28T18:57:31.646Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-28T18:57:31.830Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-28T18:57:31.830Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 21239157(ms)
2012-10-28T18:57:31.885Z WAT report: machine genuine, state(1) error(0x0)
2012-10-28T18:57:36.527Z Detection State: Finished(0) Failed(0) CriticalFailed(1) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 10-29-2012 08:30:41
************************************************************
2012-10-29T07:30:41.296Z Trace session started - MpWppTracing-10292012-083041-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 80169
Number of invalid entries is 0
Number of Inserts issued is 435021
Number of replaces issued is 0
Number of Insert failures is 70
Number of lookups is 863562
Number of misses is 528933
Number of false fast lookups is 74949
Number of invalidations is 135
Number of maintenance invalidations is 0
Current File Size is 2330624
Journal ID = 1c90dcdc370cfe9
Trusted image state = 1 USN = 0
Setup boot count = 0
2012-10-29T07:30:41.639Z Verifying RTP plugin...
2012-10-29T07:30:41.639Z verified!
2012-10-29T07:30:41.733Z Verifying Nis plugin...
2012-10-29T07:30:41.733Z verified!
2012-10-29T07:30:41.733Z Initializing Nis plugin state...
2012-10-29T07:30:41.733Z Nis initialized!
2012-10-29T07:30:41.733Z Loading engine...
2012-10-29T07:30:41.733Z Verifying engine and signature files (source: 1) ...
2012-10-29T07:30:41.748Z verified!
2012-10-29T07:30:43.681Z Initializing SQM in engine...
2012-10-29T07:30:43.682Z SQM initialized in the engine successfully
2012-10-29T07:30:43.693Z CSignatureStatus: back to good
2012-10-29T07:30:43.694Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2578
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:726
TotalBitmap:84944
NTFS Cache Statistics:
TotalMisses:3427
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2012-10-29T07:30:43.694Z initialized!
2012-10-29T07:30:43.694Z loaded!
2012-10-29T07:30:44.073Z Verifying license file...
2012-10-29T07:30:44.073Z verified!
2012-10-29T07:30:44.073Z Product supports installmode: 1
2012-10-29T07:30:44.081Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-29T07:30:44.084Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.8904.0
AS Signature Version: 1.139.745.0
AV Signature Version: 1.139.745.0
************************************************************
2012-10-29T07:30:45.544Z WAT report: machine genuine, state(1) error(0x0)
2012-10-29T07:31:41.599Z Process scan (poststartupscan) started.
2012-10-29T07:31:42.264Z Process scan (poststartupscan) completed.
2012-10-29T07:35:02.298Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-29T07:35:02.308Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-10-29T07:40:44.105Z AutoPurgeWorker triggered with dwWork=0x3
2012-10-29T07:40:44.105Z Product supports installmode: 1
2012-10-29T07:40:44.105Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-10-29T07:40:44.285Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-10-29T07:40:44.285Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 63137708(ms)
2012-10-29T07:40:44.395Z WAT report: machine genuine, state(1) error(0x0)
2012-10-29T07:40:49.555Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
|
|
29.10.2012, 09:54
| #109 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Okay, danke!
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
01.11.2012, 11:11
| #110 |
| | System der automatischen Informationskontrolle - Computer gesperrt Ok... naja das nächste Problem: Ich habe den Button Fix Windows Updates gedrückt, dann kommt folgende Meldung (Anhang)... ich sollte also entweder für das Produkt bezahllen, oder einen Aktivierungscode haben, da es bei 4205 Problemen anscheinend sonst nicht funktioniert  ...Was soll ich tun? Lg |
|
01.11.2012, 11:14
| #111 |
| | System der automatischen Informationskontrolle - Computer gesperrt Hier der Anhang.. |
|
05.11.2012, 14:13
| #112 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Seltsam, das ist nicht die software, zu der ich dir den Link geschickt habe! Hier nochmal! Und entferne bitte diesen PC-Fixer Mist! o.O
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
08.11.2012, 14:44
| #113 |
| | System der automatischen Informationskontrolle - Computer gesperrt Hallo Marius! Sorry meine späte Antwort, aber ich konnte es nicht früher durchführen... Haben nun die richtige Datei heruntergeladen, aber wieder das gleiche Problem (siehe Anhang). Der Pc macht mir die Updates nicht... lg |
|
09.11.2012, 09:09
| #114 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Hallo golderto, mittlerweile kümmern sich mehrere Leute im hintergrund mit um dein Problem! Mach einmal folgendes: Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.scr dds.pif
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
09.11.2012, 11:31
| #115 |
| | System der automatischen Informationskontrolle - Computer gesperrt Tut mir sehr leid - wollte euch eigentlich nicht so sehr viel Aufwand bereiten..  DDS.txt: Code:
ATTFilter DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by media at 11:29:19 on 2012-11-09
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vol.at/
mStart Page = hxxp://de.intl.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\media\appdata\roaming\mozilla\firefox\profiles\n5rn3q93.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\media\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\media\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 10:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? MSSQLServerADHelper100;SQL Server Hilfsdienst fr Active Directory
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft-Netzwerkinspektion
R? RsFx0103;RsFx0103 Driver
R? SkypeUpdate;Skype Updater
R? SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
S? FontCache;Windows-Dienst fr Schriftartencache
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsldaec8ac3;MpKsldaec8ac3
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-09 10:26:31 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8d8ab42-e9b9-4dee-b0ea-9e796d73a5eb}\MpKsldaec8ac3.sys
2012-11-08 13:16:48 -------- d-----w- c:\users\media\appdata\local\{D4190B11-A6F7-46CD-90A3-9AECAB2653F5}
2012-11-07 19:32:35 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8d8ab42-e9b9-4dee-b0ea-9e796d73a5eb}\mpengine.dll
2012-11-07 19:24:46 -------- d-----w- c:\users\media\appdata\local\{79E1CC80-E54E-47AD-A983-1E46672C0560}
2012-11-06 18:33:08 -------- d-----w- c:\users\media\appdata\local\{57B98D4D-BBE9-47E2-8288-597E15967CF0}
2012-11-05 19:37:07 -------- d-----w- c:\users\media\appdata\local\{E2F758FB-D5D6-4D96-B2D4-46104DA95FB5}
2012-11-05 19:31:28 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-05 07:36:43 -------- d-----w- c:\users\media\appdata\local\{AE63C76E-E64B-4270-9BF5-DF87D4F90AC2}
2012-11-04 13:28:17 -------- d-----w- c:\users\media\appdata\local\{382D699C-77AC-4CDA-96F5-12FB7F0C3329}
2012-11-03 10:22:23 -------- d-----w- c:\users\media\appdata\local\{C5308508-C857-45EB-8611-A3536A4E0805}
2012-11-02 12:02:26 -------- d-----w- c:\users\media\appdata\local\{C8905DBD-4DCB-4F01-BCCB-F796EE8E56DD}
2012-11-01 11:34:38 -------- d-----w- c:\users\media\appdata\local\{273D83BB-B592-44A6-A2FA-7D27895996EF}
2012-11-01 09:36:04 -------- d-----w- c:\users\media\appdata\roaming\DriverCure
2012-11-01 09:36:03 -------- d-----w- c:\users\media\appdata\roaming\SpeedyPC Software
2012-11-01 09:35:56 -------- d-----w- c:\programdata\SpeedyPC Software
2012-11-01 09:34:39 -------- d-----w- c:\users\media\appdata\local\{36ACAA1F-A7EF-452A-A4B7-83109FB20D78}
2012-10-31 19:08:26 -------- d-----w- c:\users\media\appdata\local\{F0E6F86E-8D7B-4B92-B76C-CF5FF8064CE6}
2012-10-30 18:00:34 -------- d-----w- c:\users\media\appdata\local\{FFDE5B68-D0E8-4EA1-AD00-2F8A412384BE}
2012-10-29 15:48:44 -------- d-----w- c:\users\media\appdata\local\{FA1699D8-19D9-45EE-BB07-45F61828F198}
2012-10-29 14:53:50 -------- d-----w- c:\users\media\appdata\local\{FCEEA711-147D-4ED0-B9D5-9E626663D851}
2012-10-28 22:18:17 -------- d-----w- c:\users\media\appdata\local\{3AC0E5A4-C774-442F-BA14-D87E01165AA2}
2012-10-28 10:17:53 -------- d-----w- c:\users\media\appdata\local\{53FB3B09-58A9-4912-B3F7-A3AC4B8566C4}
2012-10-27 22:17:29 -------- d-----w- c:\users\media\appdata\local\{AFDFAACB-D136-4E96-BC36-FFA99FD4EFEE}
2012-10-27 10:17:05 -------- d-----w- c:\users\media\appdata\local\{4EDC3E61-82D3-40E6-9FC9-FAD5466DC6A8}
2012-10-27 10:12:46 -------- d-----w- c:\users\media\appdata\local\{9CAEEB02-14D6-4250-997A-2CFA8CDB76C4}
2012-10-27 08:19:54 -------- d-----w- c:\users\media\appdata\local\{8AF71A62-63CF-4FC3-8E66-09FED92797C6}
2012-10-26 09:17:38 -------- d-----w- c:\users\media\appdata\local\{13CEE2CD-8F99-4E74-AA1D-52260B3D4400}
2012-10-25 16:11:05 -------- d-----w- c:\users\media\appdata\local\{59270966-1B54-463B-9495-D8B337849BA5}
2012-10-25 16:08:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-25 06:11:20 -------- d-s---w- C:\ComboFix
2012-10-24 14:23:35 -------- d-----w- c:\users\media\appdata\local\{4E626025-E3EC-447E-9E68-1C176A5EB837}
2012-10-23 18:20:13 -------- d-----w- c:\users\media\appdata\local\{D7970391-5730-4F69-A988-66D9B4BEEEBB}
2012-10-23 07:10:40 98816 ----a-w- c:\windows\sed.exe
2012-10-23 07:10:40 256000 ----a-w- c:\windows\PEV.exe
2012-10-23 07:10:40 208896 ----a-w- c:\windows\MBR.exe
2012-10-23 05:58:09 -------- d-----w- c:\users\media\appdata\local\{F12A65F6-CF8E-4BA5-9D44-8A2C54A07025}
2012-10-22 14:28:53 -------- d-----w- c:\users\media\appdata\local\{5FB8DAAF-8F51-433A-8C26-0C1E7DB4AF37}
2012-10-22 14:23:32 303616 ----a-w- C:\SetACL.exe
2012-10-22 14:23:22 290304 ----a-w- C:\subinacl.exe
2012-10-22 13:51:53 -------- d-sh--w- C:\found.000
2012-10-22 13:48:09 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-22 13:48:02 -------- d-----w- c:\program files\Tweaking.com
2012-10-22 09:09:33 -------- d-----w- c:\program files\WOT
2012-10-22 08:35:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-22 08:33:49 -------- d-----w- c:\users\media\appdata\local\WinZip
2012-10-22 08:31:43 -------- d-----w- c:\users\media\appdata\local\Secunia PSI
2012-10-22 08:31:34 -------- d-----w- c:\program files\Secunia
2012-10-21 14:07:52 -------- d-----w- c:\users\media\appdata\local\{54DDDE6D-3AB4-43B2-A649-125F1037A35E}
2012-10-20 10:29:01 -------- d-----w- c:\users\media\appdata\local\{65455D25-FE97-4BEA-8820-4F99DEF3FDCA}
2012-10-19 20:47:50 -------- d-----w- c:\users\media\appdata\local\{8318ECDF-055D-49EC-B98E-1EA65EFA45E9}
2012-10-19 18:19:50 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-19 18:19:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-10-19 18:19:50 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-19 18:03:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-19 18:03:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-19 08:47:25 -------- d-----w- c:\users\media\appdata\local\{366095AF-98A3-46BC-ADD6-5118D4543317}
2012-10-18 15:44:34 -------- d-----w- c:\program files\ESET
2012-10-16 21:41:31 -------- d-----w- c:\users\media\appdata\local\{EA7C845C-B09D-4C82-9C40-6B6155BEFB4D}
2012-10-16 10:56:57 150392 ----a-w- C:\junction.exe
2012-10-16 10:26:20 -------- d-----w- c:\users\media\appdata\local\{E07739AA-7072-4466-9445-9E9F9E09A0BE}
2012-10-15 20:12:19 -------- d-----w- c:\users\media\appdata\local\{4AA2A1E7-847B-4A7E-A5DB-2BC56CBCDCB1}
2012-10-15 08:30:22 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-15 08:29:50 -------- d-----w- c:\program files\LSoft Technologies
2012-10-15 07:15:15 -------- d-----w- c:\users\media\appdata\local\{8C62B14F-495D-42C6-A5BF-AF05A4AE2F7E}
2012-10-14 14:47:18 -------- d-----w- c:\users\media\appdata\local\{C6A3EB50-A185-4214-A79F-87AA08281656}
2012-10-13 20:20:06 -------- d-----w- c:\users\media\appdata\local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
2012-10-13 08:19:28 -------- d-----w- c:\users\media\appdata\local\{DEC86578-265F-4226-BE11-218391A0D6E2}
2012-10-12 10:52:25 -------- d-----w- c:\users\media\appdata\local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-12 07:18:03 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-10-22 14:06:01 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-10-22 08:31:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:31:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-19 18:03:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:30:04,57 ===============
Code:
ATTFilter . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer 7-Zip 9.20 Acer Arcade Live Main Page Acer DV Magician Acer DVDivine Acer eDataSecurity Management Acer Empowering Technology Acer ePerformance Management Acer eSettings Management Acer GameZone Console DTV 2.0.1.1 Acer HomeMedia Acer HomeMedia Connect Acer HomeMedia Trial Creator Acer ScreenSaver Acer SlideShow DVD Acer VideoMagician Active@ ISO Burner Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Adobe Shockwave Player 11.6 AIO_CDB_Software AIO_Scan Alice Greenfingers ATI Catalyst Install Manager Azada Backspin Billiards Big Kahuna Reef Bing Bar BlackBerry Desktop Software 4.6 Bricks of Egypt BufferChm Business Contact Manager für Microsoft Outlook 2010 Business Contact Manager for Microsoft Outlook 2010 Cake Mania Chicken Invaders 3 Chuzzle Cisco Systems VPN Client 5.0.02.0090 Compatibility Pack for the 2007 Office system Copy CustomerResearchQFolder D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceManagementQFolder Diner Dash Flo on the Go DivX-Setup DocProc DocProcQFolder ESET Online Scanner v3 eSupportQFolder Fax HappyFoto-Designer 4.4 HappyFoto Bestellassistent (nur entfernen) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 8.0 HP Imaging Device Functions 8.0 HP OCR Software 8.0 HP Photosmart Essential HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP Solution Center 8.0 HP Update HPProductAssistant HPSSupply Java 7 Update 9 Java Auto Updater Jewel Quest Solitaire Junk Mail filter update Kick N Rush LightScribe 1.4.142.1 Mahjong Escape Ancient China Mahjongg Artifacts Malwarebytes Anti-Malware Version 1.65.1.1000 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu Microsoft Lync 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Office XP Professional mit FrontPage Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010) Move Media Player Mozilla Firefox 16.0.2 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery Case Files - Huntsville Mystery Solitaire - Secret Island NTI Backup NOW! 4.7 NTI CD & DVD-Maker NVIDIA Drivers OGA Notifier 2.0.0048.0 PhotoScape Realtek High Definition Audio Driver Roxio Media Manager Sandlot Games Client Services 1.2.2 Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Segoe UI Service Pack 1 für SQL Server 2008 (KB 968369) Skype™ 5.10 SolutionCenter Spelling Dictionaries Support For Adobe Reader 8 Sql Server Customer Experience Improvement Program Status Sudoku-Drucker 1.4 swMSM Tele2 Internet Toolbox TrayApp Turbo Pizza Tweaking.com - Windows Repair (All in One) Unity Web Player UnloadSupport Unterstützungsdateien für Microsoft SQL Server 2008-Setup Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.4053 VLC media player 2.0.4 WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR WinZip 17.0 WOT for Internet Explorer Zuma Deluxe . ==== End Of File =========================== |
|
09.11.2012, 12:08
| #116 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Gar kein Ding, wir lernen dadurch ebenfalls dazu und gerade dieser Schädling ist für seine Hartnäckigkeit bekannt! 
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
10.11.2012, 17:58
| #117 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt ]Downloade dir bitte Junction.zip und speichere diese auf deinem Desktop. Extrahiere den Inhalt von Junction.zip und speichere die junction.exe auf deinem Systemlaufwerk. ( Meistens C: ) Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter @echo off
cd \
echo Please wait
junction -s > log.txt
cls
echo.
echo WMI >> log.txt
sc qc winmgmt >> log.txt
sc query winmgmt >> log.txt
notepad log.txt
del %0
Wenn der Scan beendet wurde öffnet sich ein Textdokument ( log.txt ). Kopiere den Inhalt bitte hier in dein Thema. ( Auch zu finden unter C:\log.txt )
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
15.11.2012, 08:22
| #118 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
19.11.2012, 08:27
| #119 |
| /// Malwareteam | System der automatischen Informationskontrolle - Computer gesperrt Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu System der automatischen Informationskontrolle - Computer gesperrt |
| 32 bit, bho, bildschirm, bildschirm weiß, bingbar, computer, desktop, diner dash, document, error, excel, exploit.drop.2, fehler, firefox, flash player, home, install.exe, logfile, mozilla, officejet, outlook 2010, phishing, plug-in, popup, realtek, registry, sekunden, senden, server, siteadvisor, software, svchost.exe, system, trojan.agent.ge, trojan.tracur.s, usb, vista |
Linear-Darstellung
