Plagegeister aller Art und deren Bekämpfung (forum): Malwarebytes finds Exploit.Drop.GSA, plus a notice demanding a €100 payment (encryption trojan), Windows 7
22.12.2012, 20:11 | #1
Hello everyone, with a very warm request for help. On my computer the admin, myself, and a co-user are registered. My co-user told me today that yesterday he received a puzzling message from the supposed Bundesamt für Verfassungsschutz saying he had committed a crime and had to pay €100 to clear himself. However, he was able to use his desktop normally today, and I notice nothing either as admin or as my own user. Avast found Win32-Malware-gen at c:\users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1edd2ede-765014a7 and reported it as successfully deleted. Then I downloaded Malwarebytes and ran it with a quick scan. It found Exploit.Drop.GSA in C:\ProgramData\dsgsdgdsgdsdsgw.pad. No action was taken; deleting or quarantining was not even offered. A second attempt seemed to cripple Malwarebytes, because the quick scan suddenly took only 48 seconds, with no findings of course. Then I installed Defogger and OTL. From OTL I have two TXT files, which I hope I have attached here in the right form. I kindly ask for help, Angkor. Attachment 47735 Attachment 47736
22.12.2012, 21:42 | #2
Winkelfunktion /// TB-Süch-Tiger™
Hello, and

Quote:
Nice, and where are the logs for that? Such statements are not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything in CODE tags where possible.
23.12.2012, 08:26 | #3
I thought I had replied yesterday, but my reply is no longer there. So once again:

For AVAST I have no logfile, because it only records in a list which infections were found. I simply copied the text down. Here is the Malwarebytes logfile:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MaRa :: MALACHIAS [Administrator]

22.12.2012 19:06:44
mbam-log-2012-12-22 (19-16-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247876
Laufzeit: 7 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

Code:
ATTFilter OTL logfile created on: 12/22/2012 7:31:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaRa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.93 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 63.42% Memory free 7.85 Gb Paging File | 6.21 Gb Available in Paging File | 79.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 394.95 Gb Free Space | 87.55% Space Free | Partition Type: NTFS Computer Name: MALACHIAS | User Name: MaRa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/22 19:29:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MaRa\Desktop\OTL.exe PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/05 11:31:34 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011/01/05 11:31:32 | 000,988,216 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011/01/05 11:31:32 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2010/05/20 23:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 
3\program\soffice.bin PRC - [2010/05/20 23:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe ========== Modules (No Company Name) ========== MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall) SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/09/14 06:48:43 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2010/01/22 08:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/12/13 15:42:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/05 11:31:34 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011/01/05 11:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files 
(x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/03/07 01:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - 
[2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010/01/22 08:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/01/22 07:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/10/15 10:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/09/30 08:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/09/04 06:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/08/06 22:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 D7 9A 8D DE F8 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/09 23:31:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/22 13:47:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/22 13:47:45 | 000,000,000 | ---D | M] [2010/05/21 13:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaRa\AppData\Roaming\mozilla\Extensions [2012/05/29 08:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaRa\AppData\Roaming\mozilla\Firefox\Profiles\747svujy.default\extensions [2011/12/17 09:02:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\MaRa\AppData\Roaming\mozilla\Firefox\Profiles\747svujy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/12/05 09:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/11/09 23:31:21 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012/11/29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/11/29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/11/29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/11/29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-SFJ2M.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\MaRa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD3BA6CA-6BCB-4CBB-819B-8E0DA3BDDB09}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/22 19:31:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MaRa\Desktop\OTL.exe [2012/12/22 19:29:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MaRa\Documents\OTL.exe [2012/12/22 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/12/22 18:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/22 18:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/22 18:27:03 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MaRa\Documents\mbam-setup-1.65.0.1400.exe [2012/12/22 18:23:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\MaRa\Documents\HiJackThis204.exe ========== Files - Modified Within 30 Days ========== [2012/12/22 19:29:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MaRa\Documents\OTL.exe [2012/12/22 19:29:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MaRa\Desktop\OTL.exe [2012/12/22 19:29:07 | 000,000,000 | ---- | M] () -- C:\Users\MaRa\defogger_reenable [2012/12/22 19:27:53 | 000,050,477 | ---- | M] () -- C:\Users\MaRa\Documents\Defogger.exe [2012/12/22 18:42:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/22 18:28:05 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/22 18:27:05 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MaRa\Documents\mbam-setup-1.65.0.1400.exe [2012/12/22 18:23:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\MaRa\Documents\HiJackThis204.exe [2012/12/22 17:12:19 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/22 17:12:19 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/22 15:12:11 | 001,544,704 | ---- | M] () -- C:\Windows\is-SFJ2M.exe [2012/12/22 15:12:11 | 000,025,599 | ---- | M] () -- C:\Windows\is-SFJ2M.msg [2012/12/22 15:12:11 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012/12/22 15:12:11 | 000,000,291 | ---- | M] () -- C:\Windows\is-SFJ2M.lst [2012/12/22 13:46:16 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/12/22 13:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/22 13:28:59 | 3161,874,432 | -HS- | M] () -- C:\hiberfil.sys [2012/12/22 03:20:54 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/22 01:43:26 | 000,002,914 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012/12/21 09:23:32 | 000,289,296 | ---- 
| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/08 17:11:41 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/08 17:11:41 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/12/08 17:11:41 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/08 17:11:41 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/12/08 17:11:41 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/05 09:54:09 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/12/22 19:29:07 | 000,000,000 | ---- | C] () -- C:\Users\MaRa\defogger_reenable [2012/12/22 19:27:53 | 000,050,477 | ---- | C] () -- C:\Users\MaRa\Documents\Defogger.exe [2012/12/22 18:27:36 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/22 15:12:11 | 001,544,704 | ---- | C] () -- C:\Windows\is-SFJ2M.exe [2012/12/22 15:12:11 | 000,025,599 | ---- | C] () -- C:\Windows\is-SFJ2M.msg [2012/12/22 15:12:11 | 000,000,291 | ---- | C] () -- C:\Windows\is-SFJ2M.lst [2012/12/22 01:43:26 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012/12/22 01:43:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2011/10/08 10:45:18 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/08 10:36:32 | 000,000,303 | ---- | C] () -- C:\Windows\SIERRA.INI [2009/07/29 06:21:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetWallpaper.exe [2009/07/29 06:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/01/15 10:05:47 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\Canneverbe Limited [2011/12/17 09:02:59 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\DVDVideoSoft [2011/12/17 09:02:54 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/22 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\OpenCandy [2011/06/13 11:39:26 | 
000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\OpenOffice.org [2011/01/24 11:11:02 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\Opera [2012/04/10 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\MaRa\AppData\Roaming\Orbit ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12/22/2012 7:31:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaRa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.93 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 63.42% Memory free 7.85 Gb Paging File | 6.21 Gb Available in Paging File | 79.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 394.95 Gb Free Space | 87.55% Space Free | Partition Type: NTFS Computer Name: MALACHIAS | User Name: MaRa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0033C1FE-3E33-45B1-8D3A-58006A43CAB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04E9A204-65F3-43DD-9BA0-A8ADDDB9D68E}" = lport=139 | protocol=6 | dir=in | app=system |
"{182095C2-CCCA-40C8-9CEE-40A455E43177}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21B5FDEB-8022-4880-806D-224BD52B1AA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26163EBB-C9CA-4924-9447-6A18504A4365}" = rport=139 | protocol=6 | dir=out | app=system |
"{454C78A8-7439-4877-B0B3-C4DF6461787F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62FA2505-6D18-47D1-86E1-B30916C934BD}" = lport=138 | protocol=17 | dir=in | app=system |
"{681336DF-96B3-4D7F-BEC6-0D17EE79577C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D16EB24-8D1A-42F9-BB7A-CA38258C5B04}" = lport=445 | protocol=6 | dir=in | app=system |
"{877754AD-BB4B-4A58-82D8-A1F03D2393FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A97087D-D83D-40C5-899C-59BA4A62DD40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{90D0F5C0-5858-425A-9A3E-262F2EBE1CD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A6FB10A-94FD-4018-94DD-46F6C64FF5AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BCB39E6-7799-44AA-9970-5CB49538941E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9BEE6A93-AC58-4DBC-BE7C-B53A62FAC20F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0ECCDD3-12E1-4237-A700-3BA30A5D4E80}" = rport=138 | protocol=17 | dir=out | app=system | "{C2A8DF8F-A45E-4966-B5A4-848E60BD1D72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E16511CF-A0A5-4D80-94C0-5213BA65C13B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E329FAA8-E16B-4A41-9CC6-2436897B94F0}" = lport=137 | protocol=17 | dir=in | app=system | "{F03FB3DF-03D7-4546-A384-3B252A7856B7}" = rport=137 | protocol=17 | dir=out | app=system | "{F0E71657-2E3E-4D6F-A838-0BB95BF66AA6}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{129CC343-0A1C-4E2B-9B82-B7550324F7A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12DBD817-EC69-471C-83FF-41C936905428}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22EB8E8B-A420-42DB-95CD-B4A3FB0F2BE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{292C9E49-A3F2-4E64-8B5A-91DDCB62FE14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{469CE90A-8563-437B-AC95-98442B4318E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D1D54D5-E6A4-4A49-9B58-0C0B6A53B42A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4F8836DD-22C5-4014-92E5-BCAE7E05ED41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{741E58AF-CB3D-4F9B-AAC3-3CC437EF7EA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8AF748FD-71FB-44BF-86FE-0CBC23B4D816}" = protocol=6 | dir=out | app=system | "{98A3DDF5-D6EB-41D8-B2AC-C95DD9657969}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{A21454CF-8A59-4841-8CC1-0BF9846E1FCA}" = protocol=58 
| dir=in | name=@firewallapi.dll,-28545 | "{AEFD7496-175E-459E-A2F5-4F870B45874C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B232E1E1-CF78-4D7A-AE90-37A206496DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B26285C1-D881-4885-AB98-F55273B9732F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7E85CAD-A797-46CA-8E05-04DF769F3679}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC97B838-ED74-45D7-85C4-93EA5C7C5B03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF61730A-157A-4200-A78F-B1E8B2B314AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF77DDD3-8706-45D2-AFD1-C03C2CA187A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF7E5B88-D92E-4F6F-B8F3-AA6733D34AEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F2F5798A-177A-440A-B797-5315A575DA13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FC4D0FFB-C243-4780-94A8-CF1E3ED1F775}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{51204649-1A67-4E9B-88C0-FC00A3FA40E8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{8C7A2A34-123E-4956-850A-4D0A3F47A3F4}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{8A95485B-3A86-469E-BBCB-828EA485AD15}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{D69C0900-3895-4A88-881B-173C21A3F50F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{489F2C5A-83B9-79D5-714C-1DEF32A898E5}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{AA5A2780-10FC-913C-B8AA-FE42DFDBAA42}" = ccc-utility64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}" = ATI Catalyst Install Manager "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{182A1405-9660-F35E-4910-2F4804EF9CD1}" = Catalyst Control Center Core Implementation "{1E9165D4-D1BB-A8FF-4D81-4769904075BE}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2271DC83-BDCA-B742-0F66-51C548D83878}" = CCC Help Hungarian "{2458E345-90BF-A135-A9F6-7B79E5A1B034}" = Catalyst Control Center Graphics Full New "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2801377C-AED0-9DF8-8C13-DE5B8A255E01}" = CCC Help Italian "{2944D228-BD9D-293C-9207-36F3F83200C7}" = Catalyst Control Center Graphics Full Existing "{2BE54333-0A35-B568-B9B6-BBAC93363F07}" = CCC Help Polish "{321CA409-D308-D275-FD2E-07745286F7B1}" = CCC Help Portuguese "{394B8A28-0984-B687-DC3D-600A83E3D8AB}" = ccc-core-static "{3C168069-602E-D4DE-AAEA-C83395FD7CBB}" = CCC Help German "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{507BF84D-922E-367A-1B91-2C92A8626627}" = CCC Help Finnish "{56670C91-F1BA-86BC-0AAE-8605B726EF2F}" = CCC Help Russian "{57CB36B6-4884-535F-9379-34560046C912}" = CCC Help Dutch "{698E45C8-5054-554F-51CB-68847E4B0BA5}" = CCC Help Greek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{719C5E05-B9B2-EBBB-766D-2A1245147DF9}" = Catalyst Control Center Graphics Previews Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77498F29-4EFE-159E-DB0E-8E36C3E2B473}" = CCC Help Danish "{788A7564-40B9-4993-78AF-1852D423781E}" = CCC Help Chinese Traditional "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{91D02903-7EDB-2A1F-C19F-8EBB335BA708}" = CCC Help Chinese Standard "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{95F1EE6A-2C0E-5CE9-8042-287E11DFA089}" = Catalyst Control Center InstallProxy "{9933221A-32B7-75A8-A496-713191B260CC}" = CCC Help Norwegian "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C28D1FA-B33F-AA17-9A87-FA556C5B6C2D}" = CCC Help English "{9C976EB6-3C08-3B82-0162-26513153E347}" = CCC Help French "{9EC8C2B7-74F5-EEDC-E3F2-3E13564ABF8D}" = Catalyst Control Center Graphics Light "{A0306AD8-1D8C-A5BB-6311-81A42370EEB9}" = Catalyst Control Center Graphics Previews Vista "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding "{AB77649D-25F2-EC99-67CD-A1B2F9862199}" = CCC Help Turkish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B0474B6D-9508-9D4F-694A-9C78F06BB037}" = 
CCC Help Swedish "{B5529701-E380-06B7-14A8-D24EC95B5CD2}" = CCC Help Japanese "{BA32FA50-7D3C-F111-9E79-619774EDB517}" = Catalyst Control Center Localization All "{BD9CA010-1B74-B806-F4B7-C2175EE3AC2C}" = CCC Help Korean "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{F5E5DFE5-37AC-61A7-1A57-6741C243C96F}" = CCC Help Czech "{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID "{F92CDFEB-DB96-4589-B88C-BE181D153445}" = Moorhuhn WE AYCS "{FF250E8C-2925-C0C8-71EF-C456BE470759}" = CCC Help Thai "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Studio_is1" = Free Studio version 5.3.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.12.1707" = Opera 12.12 "Rocks'n'Diamonds_is1" = Rocks'n'Diamonds 3.3.0.1 "Secunia PSI" = Secunia PSI (2.0.0.2001) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DrKawashima" = Dr Kawashima ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/24/2012 11:56:16 AM | Computer Name = Malachias | Source = Microsoft-Windows-CAPI2 | ID = 257 Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1032. 
Error - 11/24/2012 11:56:26 AM | Computer Name = Malachias | Source = ESENT | ID = 490
Description = Catalog Database (1136) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 11/24/2012 11:56:26 AM | Computer Name = Malachias | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1032.

Error - 12/12/2012 8:29:03 AM | Computer Name = Malachias | Source = ESENT | ID = 490
Description = Catalog Database (1128) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 12/12/2012 8:29:03 AM | Computer Name = Malachias | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1032.

Error - 12/16/2012 8:02:08 AM | Computer Name = Malachias | Source = ESENT | ID = 490
Description = Catalog Database (1124) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 12/16/2012 8:02:08 AM | Computer Name = Malachias | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1032.

Error - 12/21/2012 2:19:12 PM | Computer Name = Malachias | Source = ESENT | ID = 490
Description = Catalog Database (1132) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 12/21/2012 2:19:12 PM | Computer Name = Malachias | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1032.

Error - 12/21/2012 9:09:31 PM | Computer Name = Malachias | Source = ESENT | ID = 490
Description = wuaueng.dll (328) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

[ Media Center Events ]
Error - 7/4/2010 5:17:19 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 23:17:19 - Fehler beim Herstellen der Internetverbindung. 23:17:19 - Serververbindung konnte nicht hergestellt werden..

Error - 7/4/2010 5:17:28 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 23:17:24 - Fehler beim Herstellen der Internetverbindung. 23:17:24 - Serververbindung konnte nicht hergestellt werden..
Error - 3/20/2011 7:05:57 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 00:05:50 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..)

Error - 4/30/2011 4:33:33 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 22:33:33 - Fehler beim Herstellen der Internetverbindung. 22:33:33 - Serververbindung konnte nicht hergestellt werden..

Error - 4/30/2011 4:33:43 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 22:33:39 - Fehler beim Herstellen der Internetverbindung. 22:33:39 - Serververbindung konnte nicht hergestellt werden..

Error - 5/17/2011 2:37:54 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 08:37:54 - Directory konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten)

Error - 5/17/2011 2:39:20 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 08:39:15 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)

Error - 3/21/2012 7:12:14 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 12:12:14 - Fehler beim Herstellen der Internetverbindung. 12:12:14 - Serververbindung konnte nicht hergestellt werden..

Error - 3/21/2012 7:12:23 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0
Description = 12:12:19 - Fehler beim Herstellen der Internetverbindung. 12:12:19 - Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 12/14/2012 3:25:05 PM | Computer Name = Malachias | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error - 12/19/2012 1:53:36 PM | Computer Name = Malachias | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.12.2012 um 18:51:58 unerwartet heruntergefahren.

Error - 12/21/2012 6:11:18 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error - 12/21/2012 2:26:19 PM | Computer Name = Malachias | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 12/21/2012 8:46:08 PM | Computer Name = Malachias | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.12.2012 um 01:44:40 unerwartet heruntergefahren.

Error - 12/21/2012 8:52:05 PM | Computer Name = Malachias | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.12.2012 um 01:50:01 unerwartet heruntergefahren.

Error - 12/21/2012 8:59:12 PM | Computer Name = Malachias | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.12.2012 um 01:57:59 unerwartet heruntergefahren.

Error - 12/21/2012 9:07:17 PM | Computer Name = Malachias | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 12/22/2012 2:32:00 AM | Computer Name = Malachias | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.12.2012 um 03:20:35 unerwartet heruntergefahren.

Error - 12/22/2012 8:37:10 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

< End of report > |
23.12.2012, 18:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Exploit.Drop.GSA and notice about a 100 € payment (encryption trojan)
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when is it going to continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file on your desktop.
Note: Please disable your virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!
One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set the tool up as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
23.12.2012, 21:47 | #5 |
| Malwarebytes finds Exploit.Drop.GSA and notice about a 100 € payment (encryption trojan)
Hello Cosinus, I have done everything as you instructed. Here is the logfile from aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 20:51:15
-----------------------------
20:51:15.658 OS Version: Windows x64 6.1.7601 Service Pack 1
20:51:15.658 Number of processors: 8 586 0x1E05
20:51:15.658 ComputerName: MALACHIAS UserName: MaRa
20:51:17.174 Initialize success
20:51:20.639 AVAST engine defs: 12122300
20:53:04.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:53:04.177 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
20:53:04.239 Disk 0 MBR read successfully
20:53:04.255 Disk 0 MBR scan
20:53:04.255 Disk 0 Windows VISTA default MBR code
20:53:04.270 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
20:53:04.286 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461940 MB offset 30717952
20:53:04.301 Disk 0 scanning C:\Windows\system32\drivers
20:53:13.336 Service scanning
20:53:30.574 Modules scanning
20:53:30.590 Disk 0 trace - called modules:
20:53:30.652 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:53:30.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dbe790]
20:53:31.198 3 CLASSPNP.SYS[fffff880013ac43f] -> nt!IofCallDriver -> [0xfffffa8004b37e40]
20:53:31.198 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b94050]
20:53:32.368 AVAST engine scan C:\Windows
20:53:34.693 AVAST engine scan C:\Windows\system32
20:55:44.409 AVAST engine scan C:\Windows\system32\drivers
20:55:56.531 AVAST engine scan C:\Users\MaRa
20:56:24.036 AVAST engine scan C:\ProgramData
20:58:04.157 Scan finished successfully
21:01:10.375 Disk 0 MBR has been saved successfully to "C:\Users\MaRa\Desktop\MBR.dat"
21:01:10.546 The log file has been saved successfully to "C:\Users\MaRa\Desktop\aswMBR.txt"
Code:
21:33:05.0757 1288 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:33:05.0944 1288 ============================================================
21:33:05.0944 1288 Current date / time: 2012/12/23 21:33:05.0944
21:33:05.0944 1288 SystemInfo:
21:33:05.0944 1288
21:33:05.0944 1288 OS Version: 6.1.7601 ServicePack: 1.0
21:33:05.0944 1288 Product type: Workstation
21:33:05.0944 1288 ComputerName: MALACHIAS
21:33:05.0944 1288 UserName: MaRa
21:33:05.0944 1288 Windows directory: C:\Windows
21:33:05.0944 1288 System windows directory: C:\Windows
21:33:05.0944 1288 Running under WOW64
21:33:05.0944 1288 Processor architecture: Intel x64
21:33:05.0944 1288 Number of processors: 8
21:33:05.0944 1288 Page size: 0x1000
21:33:05.0944 1288 Boot type: Normal boot
21:33:05.0944 1288 ============================================================
21:33:06.0615 1288 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:33:06.0630 1288 ============================================================
21:33:06.0630 1288 \Device\Harddisk0\DR0:
21:33:06.0630 1288 MBR partitions:
21:33:06.0630 1288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x3863A000
21:33:06.0630 1288 ============================================================
21:33:06.0677 1288 C: <-> \Device\Harddisk0\DR0\Partition1
21:33:06.0677 1288 ============================================================
21:33:06.0677 1288 Initialize success
21:33:06.0677 1288 ============================================================
21:33:50.0375 2228 ============================================================
21:33:50.0375 2228 Scan started
21:33:50.0375 2228 Mode: Manual; SigCheck; TDLFS;
21:33:50.0375 2228 ============================================================
21:33:50.0827 2228 ================ Scan system memory ========================
21:33:50.0827 2228 System memory - ok
21:33:50.0827 2228 ================ Scan services =============================
21:33:50.0921 2228 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:33:50.0968 2228 !SASCORE - ok
21:33:51.0124 2228 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:33:51.0170 2228 1394ohci - ok
21:33:51.0233 2228 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:33:51.0264 2228 ACPI - ok
21:33:51.0295 2228 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:33:51.0311 2228 AcpiPmi - ok
21:33:51.0420 2228 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:33:51.0451 2228 AdobeARMservice - ok
21:33:51.0576 2228 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:51.0607 2228 AdobeFlashPlayerUpdateSvc - ok
21:33:51.0654 2228 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:33:51.0701 2228 adp94xx - ok
21:33:51.0748 2228 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:33:51.0779 2228 adpahci - ok
21:33:51.0826 2228 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:33:51.0857 2228 adpu320 - ok
21:33:51.0888 2228 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:33:51.0935 2228 AeLookupSvc - ok
21:33:51.0982 2228 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:33:52.0013 2228 AFD - ok
21:33:52.0044 2228 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:33:52.0060 2228 agp440 - ok
21:33:52.0075 2228 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:33:52.0091 2228 ALG - ok
21:33:52.0122 2228 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:33:52.0138 2228 aliide - ok
21:33:52.0169 2228 [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:33:52.0184 2228 AMD External Events Utility - ok
21:33:52.0200 2228 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:33:52.0200 2228 amdide - ok
21:33:52.0247 2228 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:33:52.0262 2228 AmdK8 - ok
21:33:52.0418 2228 [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
21:33:52.0590 2228 amdkmdag - ok
21:33:52.0621 2228 [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:33:52.0637 2228 amdkmdap - ok
21:33:52.0668 2228 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:33:52.0668 2228 AmdPPM - ok
21:33:52.0684 2228 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:33:52.0699 2228 amdsata - ok
21:33:52.0730 2228 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:33:52.0746 2228 amdsbs - ok
21:33:52.0762 2228 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:33:52.0777 2228 amdxata - ok
21:33:52.0808 2228 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:33:52.0840 2228 AppID - ok
21:33:52.0855 2228 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:33:52.0886 2228 AppIDSvc - ok
21:33:52.0902 2228 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:33:52.0933 2228 Appinfo - ok
21:33:52.0949 2228 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:33:52.0964 2228 arc - ok
21:33:52.0980 2228 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:33:52.0996 2228 arcsas - ok
21:33:52.0996 2228 ASUSProcObsrv - ok
21:33:53.0042 2228 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
21:33:53.0074 2228 aswFsBlk - ok
21:33:53.0152 2228 [ 316271CC32FDFFFCDB30677684906D5E ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
21:33:53.0167 2228 aswKbd - ok
21:33:53.0214 2228 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:33:53.0230 2228 aswMonFlt - ok
21:33:53.0276 2228 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
21:33:53.0308 2228 aswRdr - ok
21:33:53.0354 2228 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:33:53.0386 2228 aswSnx - ok
21:33:53.0417 2228 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:33:53.0432 2228 aswSP - ok
21:33:53.0448 2228 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
21:33:53.0448 2228 aswTdi - ok
21:33:53.0479 2228 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:53.0510 2228 AsyncMac - ok
21:33:53.0542 2228 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:33:53.0542 2228 atapi - ok
21:33:53.0620 2228 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:33:53.0698 2228 athr - ok
21:33:53.0760 2228 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:33:53.0776 2228 AtiHdmiService - ok
21:33:53.0822 2228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:33:53.0885 2228 AudioEndpointBuilder - ok
21:33:53.0947 2228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:33:53.0978 2228 AudioSrv - ok
21:33:54.0072 2228 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
21:33:54.0103 2228 avast! Antivirus - ok
21:33:54.0119 2228 avast! Firewall - ok
21:33:54.0181 2228 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:33:54.0197 2228 AxInstSV - ok
21:33:54.0259 2228 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:33:54.0290 2228 b06bdrv - ok
21:33:54.0322 2228 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:33:54.0337 2228 b57nd60a - ok
21:33:54.0353 2228 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:33:54.0384 2228 BDESVC - ok
21:33:54.0400 2228 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:33:54.0462 2228 Beep - ok
21:33:54.0527 2228 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:33:54.0574 2228 BFE - ok
21:33:54.0636 2228 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:33:54.0745 2228 BITS - ok
21:33:54.0792 2228 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:54.0823 2228 blbdrive - ok
21:33:54.0870 2228 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:33:54.0917 2228 bowser - ok
21:33:54.0932 2228 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:33:54.0964 2228 BrFiltLo - ok
21:33:55.0026 2228 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:33:55.0057 2228 BrFiltUp - ok
21:33:55.0088 2228 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:33:55.0120 2228 Browser - ok
21:33:55.0135 2228 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:33:55.0151 2228 Brserid - ok
21:33:55.0166 2228 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:55.0182 2228 BrSerWdm - ok
21:33:55.0198 2228 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:55.0213 2228 BrUsbMdm - ok
21:33:55.0213 2228 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:33:55.0229 2228 BrUsbSer - ok 21:33:55.0260 2228 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:33:55.0276 2228 BTHMODEM - ok 21:33:55.0307 2228 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:33:55.0354 2228 bthserv - ok 21:33:55.0369 2228 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:33:55.0401 2228 cdfs - ok 21:33:55.0432 2228 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:33:55.0447 2228 cdrom - ok 21:33:55.0494 2228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:33:55.0541 2228 CertPropSvc - ok 21:33:55.0572 2228 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:33:55.0603 2228 circlass - ok 21:33:55.0635 2228 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:33:55.0666 2228 CLFS - ok 21:33:55.0728 2228 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:33:55.0759 2228 clr_optimization_v2.0.50727_32 - ok 21:33:55.0822 2228 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:33:55.0837 2228 clr_optimization_v2.0.50727_64 - ok 21:33:55.0869 2228 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:33:55.0884 2228 CmBatt - ok 21:33:55.0900 2228 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:33:55.0915 2228 cmdide - ok 21:33:55.0947 2228 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:33:56.0009 2228 CNG - ok 21:33:56.0040 2228 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:33:56.0071 2228 Compbatt - ok 
21:33:56.0118 2228 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:33:56.0149 2228 CompositeBus - ok 21:33:56.0165 2228 COMSysApp - ok 21:33:56.0181 2228 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:33:56.0212 2228 crcdisk - ok 21:33:56.0243 2228 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:33:56.0274 2228 CryptSvc - ok 21:33:56.0305 2228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:33:56.0352 2228 DcomLaunch - ok 21:33:56.0383 2228 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:33:56.0415 2228 defragsvc - ok 21:33:56.0446 2228 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:33:56.0477 2228 DfsC - ok 21:33:56.0524 2228 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:33:56.0555 2228 Dhcp - ok 21:33:56.0571 2228 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:33:56.0602 2228 discache - ok 21:33:56.0633 2228 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:33:56.0649 2228 Disk - ok 21:33:56.0664 2228 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:33:56.0680 2228 Dnscache - ok 21:33:56.0727 2228 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:33:56.0773 2228 dot3svc - ok 21:33:56.0805 2228 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:33:56.0836 2228 DPS - ok 21:33:56.0867 2228 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:33:56.0898 2228 drmkaud - ok 21:33:56.0961 2228 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:33:57.0023 2228 DXGKrnl - ok 21:33:57.0054 2228 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:33:57.0085 2228 
EapHost - ok 21:33:57.0195 2228 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:33:57.0304 2228 ebdrv - ok 21:33:57.0335 2228 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:33:57.0351 2228 EFS - ok 21:33:57.0413 2228 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:33:57.0475 2228 ehRecvr - ok 21:33:57.0507 2228 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:33:57.0522 2228 ehSched - ok 21:33:57.0569 2228 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:33:57.0616 2228 elxstor - ok 21:33:57.0631 2228 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:33:57.0647 2228 ErrDev - ok 21:33:57.0709 2228 esgiguard - ok 21:33:57.0756 2228 [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 21:33:57.0787 2228 ETD - ok 21:33:57.0850 2228 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:33:57.0928 2228 EventSystem - ok 21:33:57.0943 2228 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:33:57.0975 2228 exfat - ok 21:33:58.0006 2228 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:33:58.0037 2228 fastfat - ok 21:33:58.0068 2228 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:33:58.0099 2228 Fax - ok 21:33:58.0115 2228 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:33:58.0131 2228 fdc - ok 21:33:58.0162 2228 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:33:58.0193 2228 fdPHost - ok 21:33:58.0193 2228 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:33:58.0224 2228 FDResPub - ok 21:33:58.0271 2228 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:33:58.0271 2228 FileInfo - ok 21:33:58.0287 2228 [ 
5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:33:58.0318 2228 Filetrace - ok 21:33:58.0349 2228 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:33:58.0349 2228 flpydisk - ok 21:33:58.0396 2228 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:33:58.0427 2228 FltMgr - ok 21:33:58.0474 2228 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 21:33:58.0536 2228 FontCache - ok 21:33:58.0599 2228 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:33:58.0614 2228 FontCache3.0.0.0 - ok 21:33:58.0645 2228 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:33:58.0677 2228 FsDepends - ok 21:33:58.0692 2228 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:33:58.0708 2228 Fs_Rec - ok 21:33:58.0739 2228 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:33:58.0755 2228 fvevol - ok 21:33:58.0770 2228 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:33:58.0786 2228 gagp30kx - ok 21:33:58.0817 2228 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:33:58.0864 2228 gpsvc - ok 21:33:58.0942 2228 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:33:58.0973 2228 gupdate - ok 21:33:58.0973 2228 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:33:59.0004 2228 gupdatem - ok 21:33:59.0035 2228 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:33:59.0035 2228 hcw85cir - ok 21:33:59.0082 2228 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:33:59.0129 2228 HdAudAddService - ok 21:33:59.0160 2228 [ 
97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:33:59.0176 2228 HDAudBus - ok 21:33:59.0191 2228 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:33:59.0207 2228 HidBatt - ok 21:33:59.0223 2228 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:33:59.0238 2228 HidBth - ok 21:33:59.0254 2228 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:33:59.0269 2228 HidIr - ok 21:33:59.0285 2228 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:33:59.0316 2228 hidserv - ok 21:33:59.0363 2228 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:33:59.0394 2228 HidUsb - ok 21:33:59.0410 2228 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:33:59.0457 2228 hkmsvc - ok 21:33:59.0488 2228 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:33:59.0503 2228 HomeGroupListener - ok 21:33:59.0519 2228 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:33:59.0535 2228 HomeGroupProvider - ok 21:33:59.0550 2228 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:33:59.0566 2228 HpSAMD - ok 21:33:59.0613 2228 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:33:59.0675 2228 HTTP - ok 21:33:59.0706 2228 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:33:59.0706 2228 hwpolicy - ok 21:33:59.0753 2228 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:33:59.0800 2228 i8042prt - ok 21:33:59.0847 2228 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:33:59.0862 2228 iaStor - ok 21:33:59.0925 2228 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:33:59.0956 2228 iaStorV 
- ok 21:34:00.0003 2228 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:34:00.0065 2228 idsvc - ok 21:34:00.0081 2228 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:34:00.0096 2228 iirsp - ok 21:34:00.0205 2228 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:34:00.0299 2228 IKEEXT - ok 21:34:00.0330 2228 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:34:00.0346 2228 intelide - ok 21:34:00.0361 2228 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:34:00.0377 2228 intelppm - ok 21:34:00.0408 2228 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:34:00.0439 2228 IPBusEnum - ok 21:34:00.0455 2228 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:34:00.0486 2228 IpFilterDriver - ok 21:34:00.0533 2228 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:34:00.0595 2228 iphlpsvc - ok 21:34:00.0611 2228 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:34:00.0642 2228 IPMIDRV - ok 21:34:00.0673 2228 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:34:00.0736 2228 IPNAT - ok 21:34:00.0767 2228 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:34:00.0814 2228 IRENUM - ok 21:34:00.0845 2228 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:34:00.0861 2228 isapnp - ok 21:34:00.0907 2228 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:34:00.0954 2228 iScsiPrt - ok 21:34:00.0970 2228 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:34:00.0985 2228 kbdclass - ok 21:34:01.0017 2228 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] 
kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:34:01.0032 2228 kbdhid - ok 21:34:01.0048 2228 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 21:34:01.0048 2228 kbfiltr - ok 21:34:01.0063 2228 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:34:01.0079 2228 KeyIso - ok 21:34:01.0110 2228 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:34:01.0110 2228 KSecDD - ok 21:34:01.0141 2228 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:34:01.0157 2228 KSecPkg - ok 21:34:01.0188 2228 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:34:01.0219 2228 ksthunk - ok 21:34:01.0251 2228 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:34:01.0282 2228 KtmRm - ok 21:34:01.0329 2228 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 21:34:01.0360 2228 L1C - ok 21:34:01.0407 2228 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:34:01.0438 2228 LanmanServer - ok 21:34:01.0469 2228 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:34:01.0500 2228 LanmanWorkstation - ok 21:34:01.0516 2228 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:34:01.0547 2228 lltdio - ok 21:34:01.0594 2228 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:34:01.0656 2228 lltdsvc - ok 21:34:01.0687 2228 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:34:01.0719 2228 lmhosts - ok 21:34:01.0734 2228 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:34:01.0750 2228 LSI_FC - ok 21:34:01.0781 2228 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:34:01.0781 2228 LSI_SAS - ok 21:34:01.0797 2228 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] 
LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:34:01.0812 2228 LSI_SAS2 - ok 21:34:01.0828 2228 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:34:01.0843 2228 LSI_SCSI - ok 21:34:01.0859 2228 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:34:01.0875 2228 luafv - ok 21:34:01.0906 2228 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:34:01.0921 2228 Mcx2Svc - ok 21:34:01.0937 2228 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:34:01.0953 2228 megasas - ok 21:34:01.0968 2228 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:34:01.0984 2228 MegaSR - ok 21:34:01.0999 2228 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:34:02.0046 2228 MMCSS - ok 21:34:02.0046 2228 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:34:02.0077 2228 Modem - ok 21:34:02.0109 2228 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:34:02.0140 2228 monitor - ok 21:34:02.0171 2228 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 21:34:02.0187 2228 mouclass - ok 21:34:02.0187 2228 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:34:02.0202 2228 mouhid - ok 21:34:02.0233 2228 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:34:02.0249 2228 mountmgr - ok 21:34:02.0343 2228 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:34:02.0358 2228 MozillaMaintenance - ok 21:34:02.0389 2228 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:34:02.0405 2228 mpio - ok 21:34:02.0436 2228 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:34:02.0467 2228 mpsdrv - ok 
21:34:02.0514 2228 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:34:02.0592 2228 MpsSvc - ok 21:34:02.0623 2228 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:34:02.0639 2228 MRxDAV - ok 21:34:02.0655 2228 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:34:02.0670 2228 mrxsmb - ok 21:34:02.0717 2228 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:34:02.0748 2228 mrxsmb10 - ok 21:34:02.0764 2228 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:34:02.0779 2228 mrxsmb20 - ok 21:34:02.0811 2228 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:34:02.0826 2228 msahci - ok 21:34:02.0842 2228 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:34:02.0857 2228 msdsm - ok 21:34:02.0873 2228 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:34:02.0889 2228 MSDTC - ok 21:34:02.0904 2228 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:34:02.0982 2228 Msfs - ok 21:34:03.0013 2228 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:34:03.0045 2228 mshidkmdf - ok 21:34:03.0060 2228 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:34:03.0091 2228 msisadrv - ok 21:34:03.0123 2228 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:34:03.0154 2228 MSiSCSI - ok 21:34:03.0154 2228 msiserver - ok 21:34:03.0201 2228 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:34:03.0247 2228 MSKSSRV - ok 21:34:03.0263 2228 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:34:03.0294 2228 MSPCLOCK - ok 21:34:03.0310 2228 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 
21:34:03.0341 2228 MSPQM - ok 21:34:03.0357 2228 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:34:03.0403 2228 MsRPC - ok 21:34:03.0403 2228 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:34:03.0419 2228 mssmbios - ok 21:34:03.0435 2228 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:34:03.0466 2228 MSTEE - ok 21:34:03.0481 2228 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:34:03.0481 2228 MTConfig - ok 21:34:03.0497 2228 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 21:34:03.0513 2228 MTsensor - ok 21:34:03.0544 2228 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:34:03.0544 2228 Mup - ok 21:34:03.0575 2228 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:34:03.0622 2228 napagent - ok 21:34:03.0669 2228 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:34:03.0684 2228 NativeWifiP - ok 21:34:03.0747 2228 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 21:34:03.0825 2228 NDIS - ok 21:34:03.0856 2228 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:34:03.0903 2228 NdisCap - ok 21:34:03.0918 2228 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:34:03.0949 2228 NdisTapi - ok 21:34:03.0981 2228 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:34:04.0012 2228 Ndisuio - ok 21:34:04.0059 2228 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:34:04.0090 2228 NdisWan - ok 21:34:04.0121 2228 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:34:04.0137 2228 NDProxy - ok 21:34:04.0168 2228 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS 
C:\Windows\system32\DRIVERS\netbios.sys 21:34:04.0199 2228 NetBIOS - ok 21:34:04.0230 2228 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:34:04.0261 2228 NetBT - ok 21:34:04.0277 2228 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:34:04.0277 2228 Netlogon - ok 21:34:04.0324 2228 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:34:04.0386 2228 Netman - ok 21:34:04.0433 2228 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:34:04.0480 2228 netprofm - ok 21:34:04.0495 2228 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:34:04.0511 2228 NetTcpPortSharing - ok 21:34:04.0542 2228 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:34:04.0558 2228 nfrd960 - ok 21:34:04.0605 2228 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:34:04.0651 2228 NlaSvc - ok 21:34:04.0698 2228 [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 21:34:04.0714 2228 nosGetPlusHelper - ok 21:34:04.0729 2228 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:34:04.0761 2228 Npfs - ok 21:34:04.0776 2228 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:34:04.0807 2228 nsi - ok 21:34:04.0854 2228 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:34:04.0917 2228 nsiproxy - ok 21:34:05.0073 2228 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:34:05.0119 2228 Ntfs - ok 21:34:05.0151 2228 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:34:05.0182 2228 Null - ok 21:34:05.0213 2228 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:34:05.0229 2228 nvraid - ok 
21:34:05.0244 2228 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:34:05.0260 2228 nvstor - ok 21:34:05.0291 2228 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:34:05.0291 2228 nv_agp - ok 21:34:05.0307 2228 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:34:05.0322 2228 ohci1394 - ok 21:34:05.0338 2228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:34:05.0369 2228 p2pimsvc - ok 21:34:05.0400 2228 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:34:05.0416 2228 p2psvc - ok 21:34:05.0447 2228 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:34:05.0478 2228 Parport - ok 21:34:05.0509 2228 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:34:05.0525 2228 partmgr - ok 21:34:05.0556 2228 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:34:05.0603 2228 PcaSvc - ok 21:34:05.0634 2228 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:34:05.0650 2228 pci - ok 21:34:05.0681 2228 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:34:05.0681 2228 pciide - ok 21:34:05.0712 2228 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:34:05.0743 2228 pcmcia - ok 21:34:05.0759 2228 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:34:05.0775 2228 pcw - ok 21:34:05.0790 2228 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:34:05.0821 2228 PEAUTH - ok 21:34:05.0899 2228 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:34:05.0931 2228 PerfHost - ok 21:34:06.0087 2228 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:34:06.0133 2228 pla - ok 21:34:06.0180 2228 [ 
25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:34:06.0196 2228 PlugPlay - ok 21:34:06.0211 2228 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:34:06.0243 2228 PNRPAutoReg - ok 21:34:06.0258 2228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:34:06.0274 2228 PNRPsvc - ok 21:34:06.0336 2228 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:34:06.0430 2228 PolicyAgent - ok 21:34:06.0461 2228 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:34:06.0492 2228 Power - ok 21:34:06.0523 2228 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:34:06.0555 2228 PptpMiniport - ok 21:34:06.0586 2228 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:34:06.0601 2228 Processor - ok 21:34:06.0633 2228 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 21:34:06.0648 2228 ProfSvc - ok 21:34:06.0711 2228 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:34:06.0742 2228 ProtectedStorage - ok 21:34:06.0773 2228 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:34:06.0851 2228 Psched - ok 21:34:06.0882 2228 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 21:34:06.0898 2228 PSI - ok 21:34:06.0976 2228 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:34:07.0085 2228 ql2300 - ok 21:34:07.0116 2228 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:34:07.0132 2228 ql40xx - ok 21:34:07.0163 2228 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:34:07.0179 2228 QWAVE - ok 21:34:07.0194 2228 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:34:07.0210 2228 QWAVEdrv - ok 21:34:07.0225 2228 [ 
21:34:16.0024 2228 ================ Scan global ===============================
21:34:16.0039 2228 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:34:16.0071 2228 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:34:16.0086 2228 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:34:16.0102 2228 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:34:16.0133 2228 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:34:16.0133 2228 [Global] - ok
21:34:16.0133 2228 ================ Scan MBR ==================================
21:34:16.0164 2228 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:34:16.0695 2228 \Device\Harddisk0\DR0 - ok
21:34:16.0695 2228 ================ Scan VBR ==================================
21:34:16.0741 2228 [ 7E046C1E6835644F1DEBE7E568AED6AB ] \Device\Harddisk0\DR0\Partition1
21:34:16.0741 2228 \Device\Harddisk0\DR0\Partition1 - ok
21:34:16.0741 2228 ============================================================
21:34:16.0741 2228 Scan finished
21:34:16.0741 2228 ============================================================
21:34:16.0757 4068 Detected object count: 0
21:34:16.0757 4068 Actual detected object count: 0
21:35:19.0959 3080 Deinitialize success |
23.12.2012, 21:56 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote: |
24.12.2012, 08:45 | #7 |
| Hello Cosinus, here is my ComboFix log file: Code:
ComboFix 12-12-23.01 - MaRa 24.12.2012 8:35.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4021.2838 [GMT 1:00]
ausgeführt von:: c:\users\MaRa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\SetWallpaper.exe
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-24 bis 2012-12-24 ))))))))))))))))))))))))))))))
.
.
2012-12-23 20:04 . 2012-12-23 20:04 -------- d-----w- c:\program files\Enigma Software Group
2012-12-23 20:04 . 2012-12-23 20:31 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-23 20:04 . 2012-12-23 20:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-22 18:04 . 2012-12-22 18:03 959976 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-22 18:04 . 2012-12-22 18:03 308200 ----a-w- c:\windows\system32\javaws.exe
2012-12-22 18:04 . 2012-12-22 18:03 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-22 18:04 . 2012-12-22 18:03 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-22 18:04 . 2012-12-22 18:03 188392 ----a-w- c:\windows\system32\javaw.exe
2012-12-22 18:04 . 2012-12-22 18:03 188392 ----a-w- c:\windows\system32\java.exe
2012-12-22 18:03 . 2012-12-22 18:03 -------- d-----w- c:\program files\Java
2012-12-22 00:43 . 2012-12-22 00:43 2914 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 06:38 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:38 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 06:38 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:38 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 06:30 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECA111F5-F2C8-4D22-A7B9-2B8F2C7FD832}\mpengine.dll
2012-12-13 15:14 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 14:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 14:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 14:42 . 2012-12-13 14:42 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 15:15 . 2010-05-21 14:45 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-13 14:42 . 2012-10-23 10:27 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 14:42 . 2012-10-19 17:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 20:36 . 2012-05-20 11:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-07 20:36 . 2010-05-21 15:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-30 22:51 . 2010-07-24 16:52 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-03-30 17:06 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-07-24 16:52 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-07-24 16:52 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-07-24 16:52 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-07-24 16:52 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-07-24 16:52 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-01-16 19:10 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-02-25 05:47 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-13 14:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:47 . 2012-11-14 06:11 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 06:11 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files (x86)\CCleaner\CCleaner.exe" [2012-12-19 3273136]
"Personal ID"="c:\coolsp~1\PERSON~1\PID.EXE" [2009-03-04 1134008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Rahel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\MaRa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload64\Patch\AsPrOb64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 14:42]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 14:32]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\MaRa\AppData\Roaming\Mozilla\Firefox\Profiles\747svujy.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-204273484-3938517943-1512999354-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-24 08:41:27
ComboFix-quarantined-files.txt 2012-12-24 07:41
.
Vor Suchlauf: 10 Verzeichnis(se), 423.701.368.832 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 423.672.680.448 Bytes frei
.
- - End Of File - - 19769D90FCC56DAA187D0DCB9CB04443
Hello Cosinus, I now have an addendum. I see from the ComboFix log file that the program deleted both the file dsgsdgdsgdsgw.pad and setwallpaper.exe in the c:\ProgramData directory.
If I now go into the ProgramData directory, I still find two files there, namely: dsgsdgdsgdsgw with the type designation JScript Script File, 3 KB in size, and setwallpaper with the type designation Windows Command Script, 1 KB in size. Should I delete both of them manually? Regards, Angkor |
24.12.2012, 16:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, don't delete them directly right away; we will remove them later if absolutely necessary. adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
24.12.2012, 17:49 | #9 |
| Hello Cosinus, here is the content of the AdwCleaner log file. Incidentally, it only took seconds. Is that normal? Code:
# AdwCleaner v2.102 - Datei am 24/12/2012 um 17:40:36 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MaRa - MALACHIAS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MaRa\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\MaRa\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\MaRa\AppData\Roaming\Mozilla\Firefox\Profiles\747svujy.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\82auspha.CydCharisse\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\ruikeb1f.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\zkiwmwz5.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\MaRa\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1478 octets] - [24/12/2012 17:40:36]
########## EOF - C:\AdwCleaner[R1].txt - [1538 octets] ##########
Hardcore, hats off!! I hope you get paid decently for this. Regards, Angkor |
24.12.2012, 17:56 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
And yes, adwCleaner is very fast. adwCleaner - remove toolbars and unwanted start/search pages
Then a check with OTL, please: |
24.12.2012, 19:13 | #11 |
| Hello Cosinus, here is the log file from AdwCleaner: Code:
# AdwCleaner v2.102 - Datei am 24/12/2012 um 18:50:56 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MaRa - MALACHIAS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MaRa\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\MaRa\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\MaRa\AppData\Roaming\Mozilla\Firefox\Profiles\747svujy.default\prefs.js
C:\Users\MaRa\AppData\Roaming\Mozilla\Firefox\Profiles\747svujy.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\82auspha.CydCharisse\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\ruikeb1f.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\zkiwmwz5.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\MaRa\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Rahel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1607 octets] - [24/12/2012 17:40:36]
AdwCleaner[S1].txt - [1638 octets] - [24/12/2012 18:50:56]
########## EOF - C:\AdwCleaner[S1].txt - [1698 octets] ##########
Code:
OTL logfile created on: 12/24/2012 6:55:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MaRa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.93 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 68.44% Memory free
7.85 Gb Paging File | 6.57 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 394.30 Gb Free Space | 87.41% Space Free | Partition Type: NTFS

Computer Name: MALACHIAS | User Name: MaRa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MaRa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe File not found
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 D7 9A 8D DE F8 CA 01 [binary data]
IE - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/09 23:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/22 13:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/22 13:47:45 | 000,000,000 | ---D | M]

[2010/05/21 13:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaRa\AppData\Roaming\mozilla\Extensions
[2012/05/29 08:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaRa\AppData\Roaming\mozilla\Firefox\Profiles\747svujy.default\extensions
[2011/12/17 09:02:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\MaRa\AppData\Roaming\mozilla\Firefox\Profiles\747svujy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/12/05 09:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/11/09 23:31:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/11/29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/11/29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012/12/24 08:39:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-204273484-3938517943-1512999354-1000..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-204273484-3938517943-1512999354-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - Startup: C:\Users\MaRa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Rahel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-204273484-3938517943-1512999354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MaRa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD3BA6CA-6BCB-4CBB-819B-8E0DA3BDDB09}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/23 21:04:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/24 08:49:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/24 08:41:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/24 08:34:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/24 08:34:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/24 08:34:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/24 08:34:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/24 08:34:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/24 08:33:20 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\MaRa\Desktop\ComboFix.exe
[2012/12/23 21:36:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MaRa\Desktop\aswMBR.exe
[2012/12/23 21:32:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MaRa\Desktop\tdsskiller.exe
[2012/12/23 21:31:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/23 21:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/23 20:45:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MaRa\Documents\aswMBR.exe
[2012/12/22 19:31:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MaRa\Desktop\OTL.exe
[2012/12/22 19:29:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MaRa\Documents\OTL.exe
[2012/12/22 19:04:21 | 000,959,976 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/22 19:04:20 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/22 19:04:20 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/22 19:04:03 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/22 19:04:03 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/22 19:04:03 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/22 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/22 19:01:41 | 032,946,152 | ---- | C] (Oracle Corporation) -- C:\Users\MaRa\Documents\jre-7u10-windows-x64.exe
[2012/12/22 18:27:03 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MaRa\Documents\mbam-setup-1.65.0.1400.exe
[2012/12/22 18:23:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\MaRa\Documents\HiJackThis204.exe
[2012/12/21 07:38:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 07:38:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 07:38:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 07:38:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/13 16:13:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 16:13:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 16:13:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 16:13:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 16:13:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 16:13:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 16:13:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 16:13:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 16:13:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 16:13:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 16:13:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 16:13:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 16:13:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 16:13:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 16:13:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/13 15:44:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/13 15:44:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/13 15:44:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/13 15:44:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/13 15:44:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/13 15:44:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/13 15:44:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/13 15:44:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/13 15:44:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/13 15:44:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/13 15:44:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/13 15:44:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/13 15:44:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 15:44:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 15:44:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 15:44:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 15:44:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 15:44:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 15:44:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 15:44:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 15:44:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/13 15:43:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/13 15:43:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/13 15:42:13 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/24 18:52:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/24 18:51:58 | 3161,874,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 18:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/24 17:41:56 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 17:41:56 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 17:40:02 | 000,549,359 | ---- | M] () -- C:\Users\MaRa\Desktop\adwcleaner.exe
[2012/12/24 14:08:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/24 14:08:13 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/24 14:08:13 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/24 14:08:13 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/24 14:08:13 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/24 08:39:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/24 08:33:20 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\MaRa\Desktop\ComboFix.exe
[2012/12/23 21:37:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MaRa\Desktop\aswMBR.exe
[2012/12/23 21:32:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MaRa\Desktop\tdsskiller.exe
[2012/12/23 21:04:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/12/23 21:01:10 | 000,000,512 | ---- | M] () -- C:\Users\MaRa\Desktop\MBR.dat
[2012/12/23 20:46:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MaRa\Documents\aswMBR.exe
[2012/12/23 08:47:00 | 000,022,514 | ---- | M] () -- C:\Users\MaRa\Documents\gvu.odt
[2012/12/22 19:29:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MaRa\Documents\OTL.exe
[2012/12/22 19:29:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MaRa\Desktop\OTL.exe
[2012/12/22 19:29:07 | 000,000,000 | ---- | M] () -- C:\Users\MaRa\defogger_reenable
[2012/12/22 19:27:53 | 000,050,477 | ---- | M] () -- C:\Users\MaRa\Documents\Defogger.exe
[2012/12/22 19:03:35 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/22 19:03:31 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/22 19:03:31 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/22 19:03:30 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/22 19:03:28 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/22 19:03:28 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/22 19:01:51 | 032,946,152 | ---- | M] (Oracle Corporation) -- C:\Users\MaRa\Documents\jre-7u10-windows-x64.exe
[2012/12/22 18:27:05 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MaRa\Documents\mbam-setup-1.65.0.1400.exe
[2012/12/22 18:23:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\MaRa\Documents\HiJackThis204.exe
[2012/12/22 13:46:16 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/22 01:43:26 | 000,002,914 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/21 09:23:32 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/13 15:42:20 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/13 15:42:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/13 15:42:13 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/05 09:54:09 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/24 17:40:02 | 000,549,359 | ---- | C] () -- C:\Users\MaRa\Desktop\adwcleaner.exe
[2012/12/24 08:34:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/24 08:34:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/24 08:34:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/24 08:34:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/24 08:34:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/23 21:04:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/12/23 21:01:10 | 000,000,512 | ---- | C] () -- C:\Users\MaRa\Desktop\MBR.dat
[2012/12/23 08:46:57 | 000,022,514 | ---- | C] () -- C:\Users\MaRa\Documents\gvu.odt
[2012/12/22 19:29:07 | 000,000,000 | ---- | C] () -- C:\Users\MaRa\defogger_reenable
[2012/12/22 19:27:53 | 000,050,477 | ---- | C] () -- C:\Users\MaRa\Documents\Defogger.exe
[2012/12/22 01:43:26 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2011/10/08 10:36:32 | 000,000,303 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/07/29 06:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aed ...
[2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 12/24/2012 6:55:06 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaRa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.93 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 68.44% Memory free 7.85 Gb Paging File | 6.57 Gb Available in Paging File | 83.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 394.30 Gb Free Space | 87.41% Space Free | Partition Type: NTFS Computer Name: MALACHIAS | User Name: MaRa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-204273484-3938517943-1512999354-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0033C1FE-3E33-45B1-8D3A-58006A43CAB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{04E9A204-65F3-43DD-9BA0-A8ADDDB9D68E}" = lport=139 | protocol=6 | dir=in | app=system | "{182095C2-CCCA-40C8-9CEE-40A455E43177}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{21B5FDEB-8022-4880-806D-224BD52B1AA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26163EBB-C9CA-4924-9447-6A18504A4365}" = rport=139 | protocol=6 | dir=out | app=system | "{454C78A8-7439-4877-B0B3-C4DF6461787F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62FA2505-6D18-47D1-86E1-B30916C934BD}" = lport=138 | protocol=17 | dir=in | app=system | "{681336DF-96B3-4D7F-BEC6-0D17EE79577C}" = rport=10243 | protocol=6 | dir=out | app=system | "{7D16EB24-8D1A-42F9-BB7A-CA38258C5B04}" = lport=445 | protocol=6 | dir=in | app=system | "{877754AD-BB4B-4A58-82D8-A1F03D2393FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8A97087D-D83D-40C5-899C-59BA4A62DD40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{90D0F5C0-5858-425A-9A3E-262F2EBE1CD0}" = lport=2869 | protocol=6 | dir=in | app=system | "{9A6FB10A-94FD-4018-94DD-46F6C64FF5AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9BCB39E6-7799-44AA-9970-5CB49538941E}" = lport=10243 | protocol=6 | dir=in | app=system | "{9BEE6A93-AC58-4DBC-BE7C-B53A62FAC20F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0ECCDD3-12E1-4237-A700-3BA30A5D4E80}" = rport=138 | protocol=17 | dir=out | app=system | "{C2A8DF8F-A45E-4966-B5A4-848E60BD1D72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E16511CF-A0A5-4D80-94C0-5213BA65C13B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E329FAA8-E16B-4A41-9CC6-2436897B94F0}" = lport=137 | protocol=17 | dir=in | app=system | "{F03FB3DF-03D7-4546-A384-3B252A7856B7}" = rport=137 | protocol=17 | dir=out | app=system | "{F0E71657-2E3E-4D6F-A838-0BB95BF66AA6}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{129CC343-0A1C-4E2B-9B82-B7550324F7A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12DBD817-EC69-471C-83FF-41C936905428}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22EB8E8B-A420-42DB-95CD-B4A3FB0F2BE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{292C9E49-A3F2-4E64-8B5A-91DDCB62FE14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{469CE90A-8563-437B-AC95-98442B4318E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D1D54D5-E6A4-4A49-9B58-0C0B6A53B42A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4F8836DD-22C5-4014-92E5-BCAE7E05ED41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{741E58AF-CB3D-4F9B-AAC3-3CC437EF7EA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8AF748FD-71FB-44BF-86FE-0CBC23B4D816}" = protocol=6 | dir=out | app=system | "{98A3DDF5-D6EB-41D8-B2AC-C95DD9657969}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{A21454CF-8A59-4841-8CC1-0BF9846E1FCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AEFD7496-175E-459E-A2F5-4F870B45874C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B232E1E1-CF78-4D7A-AE90-37A206496DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B26285C1-D881-4885-AB98-F55273B9732F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7E85CAD-A797-46CA-8E05-04DF769F3679}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC97B838-ED74-45D7-85C4-93EA5C7C5B03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF61730A-157A-4200-A78F-B1E8B2B314AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF77DDD3-8706-45D2-AFD1-C03C2CA187A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF7E5B88-D92E-4F6F-B8F3-AA6733D34AEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F2F5798A-177A-440A-B797-5315A575DA13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FC4D0FFB-C243-4780-94A8-CF1E3ED1F775}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{51204649-1A67-4E9B-88C0-FC00A3FA40E8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{8C7A2A34-123E-4956-850A-4D0A3F47A3F4}C:\program files (x86)\opera\opera.exe" = protocol=6 
| dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{8A95485B-3A86-469E-BBCB-828EA485AD15}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{D69C0900-3895-4A88-881B-173C21A3F50F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{489F2C5A-83B9-79D5-714C-1DEF32A898E5}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{AA5A2780-10FC-913C-B8AA-FE42DFDBAA42}" = ccc-utility64 "{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}" = ATI Catalyst Install Manager "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{182A1405-9660-F35E-4910-2F4804EF9CD1}" = Catalyst Control Center Core Implementation "{1E9165D4-D1BB-A8FF-4D81-4769904075BE}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2271DC83-BDCA-B742-0F66-51C548D83878}" = CCC Help Hungarian "{2458E345-90BF-A135-A9F6-7B79E5A1B034}" = Catalyst Control Center Graphics Full New "{2801377C-AED0-9DF8-8C13-DE5B8A255E01}" = CCC Help Italian "{2944D228-BD9D-293C-9207-36F3F83200C7}" = Catalyst Control Center Graphics Full Existing "{2BE54333-0A35-B568-B9B6-BBAC93363F07}" = CCC Help Polish 
"{321CA409-D308-D275-FD2E-07745286F7B1}" = CCC Help Portuguese "{394B8A28-0984-B687-DC3D-600A83E3D8AB}" = ccc-core-static "{3C168069-602E-D4DE-AAEA-C83395FD7CBB}" = CCC Help German "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{507BF84D-922E-367A-1B91-2C92A8626627}" = CCC Help Finnish "{56670C91-F1BA-86BC-0AAE-8605B726EF2F}" = CCC Help Russian "{57CB36B6-4884-535F-9379-34560046C912}" = CCC Help Dutch "{698E45C8-5054-554F-51CB-68847E4B0BA5}" = CCC Help Greek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{719C5E05-B9B2-EBBB-766D-2A1245147DF9}" = Catalyst Control Center Graphics Previews Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77498F29-4EFE-159E-DB0E-8E36C3E2B473}" = CCC Help Danish "{788A7564-40B9-4993-78AF-1852D423781E}" = CCC Help Chinese Traditional "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{91D02903-7EDB-2A1F-C19F-8EBB335BA708}" = CCC Help Chinese Standard "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{95F1EE6A-2C0E-5CE9-8042-287E11DFA089}" = Catalyst Control Center InstallProxy "{9933221A-32B7-75A8-A496-713191B260CC}" = CCC Help Norwegian "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C28D1FA-B33F-AA17-9A87-FA556C5B6C2D}" = CCC Help English "{9C976EB6-3C08-3B82-0162-26513153E347}" = CCC Help French "{9EC8C2B7-74F5-EEDC-E3F2-3E13564ABF8D}" = Catalyst Control Center Graphics Light "{A0306AD8-1D8C-A5BB-6311-81A42370EEB9}" = Catalyst Control Center Graphics Previews Vista "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding "{AB77649D-25F2-EC99-67CD-A1B2F9862199}" = CCC Help Turkish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B0474B6D-9508-9D4F-694A-9C78F06BB037}" = CCC Help Swedish "{B5529701-E380-06B7-14A8-D24EC95B5CD2}" = CCC Help Japanese "{BA32FA50-7D3C-F111-9E79-619774EDB517}" = Catalyst Control Center Localization All "{BD9CA010-1B74-B806-F4B7-C2175EE3AC2C}" = CCC Help Korean "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{F5E5DFE5-37AC-61A7-1A57-6741C243C96F}" = CCC Help Czech "{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID "{F92CDFEB-DB96-4589-B88C-BE181D153445}" = Moorhuhn WE AYCS "{FF250E8C-2925-C0C8-71EF-C456BE470759}" = CCC Help Thai "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Studio_is1" = Free Studio version 5.3.2 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.12.1707" = Opera 12.12 "Rocks'n'Diamonds_is1" = Rocks'n'Diamonds 3.3.0.1 "Secunia PSI" = Secunia PSI (2.0.0.2001) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-204273484-3938517943-1512999354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DrKawashima" = Dr Kawashima ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/22/2012 4:26:25 PM | Computer Name = Malachias | Source = ESENT | ID = 455 Description = Windows (2104) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000F3.log. Error - 12/22/2012 4:26:27 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 9000 Description = Error - 12/22/2012 4:26:27 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 7040 Description = Error - 12/22/2012 4:26:27 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 7042 Description = Error - 12/22/2012 4:26:28 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 9002 Description = Error - 12/22/2012 4:26:28 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 3029 Description = Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 3029 Description = Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 3028 Description = Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 3058 Description = Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Windows Search Service | ID = 7010 Description = [ Media Center Events ] Error - 7/4/2010 5:17:19 PM | Computer Name = 
Malachias | Source = MCUpdate | ID = 0 Description = 23:17:19 - Fehler beim Herstellen der Internetverbindung. 23:17:19 - Serververbindung konnte nicht hergestellt werden.. Error - 7/4/2010 5:17:28 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 23:17:24 - Fehler beim Herstellen der Internetverbindung. 23:17:24 - Serververbindung konnte nicht hergestellt werden.. Error - 3/20/2011 7:05:57 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 00:05:50 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 4/30/2011 4:33:33 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 22:33:33 - Fehler beim Herstellen der Internetverbindung. 22:33:33 - Serververbindung konnte nicht hergestellt werden.. Error - 4/30/2011 4:33:43 PM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 22:33:39 - Fehler beim Herstellen der Internetverbindung. 22:33:39 - Serververbindung konnte nicht hergestellt werden.. Error - 5/17/2011 2:37:54 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 08:37:54 - Directory konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 5/17/2011 2:39:20 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 08:39:15 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) Error - 3/21/2012 7:12:14 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 12:12:14 - Fehler beim Herstellen der Internetverbindung. 12:12:14 - Serververbindung konnte nicht hergestellt werden.. Error - 3/21/2012 7:12:23 AM | Computer Name = Malachias | Source = MCUpdate | ID = 0 Description = 12:12:19 - Fehler beim Herstellen der Internetverbindung. 
12:12:19 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 12/22/2012 2:32:00 AM | Computer Name = Malachias | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?22.?12.?2012 um 03:20:35 unerwartet heruntergefahren. Error - 12/22/2012 8:37:10 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 12/22/2012 4:26:34 PM | Computer Name = Malachias | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 12/24/2012 3:06:48 AM | Computer Name = Malachias | Source = PNRPSvc | ID = 102 Description = Error - 12/24/2012 3:06:48 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%32 Error - 12/24/2012 3:06:48 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%32 Error - 12/24/2012 3:37:50 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 12/24/2012 3:39:21 AM | Computer Name = Malachias | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 12/24/2012 3:39:53 AM | Computer Name = Malachias | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > Angkor. |
24.12.2012, 19:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks ok. We should be almost done. As a check, please run a Quickscan with Malwarebytes - and remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET OnlineScanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
24.12.2012, 20:36 | #13 |
| Well, here are the logfiles then: first Malwarebytes, which I honestly do not consider reliable. The scan took only 1:58; yesterday the quick scan still took more than 7 minutes. I honestly do not understand that and do not trust the result. Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.24.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MaRa :: MALACHIAS [Administrator] 24.12.2012 19:19:10 mbam-log-2012-12-24 (19-19-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 251214 Laufzeit: 1 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=23c5694a9ac6d44fa63ccbd88bd6b88c # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-24 07:20:59 # local_time=2012-12-24 08:20:59 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 309053 108006709 0 0 # scanned=125871 # found=1 # cleaned=0 # scan_time=2998 C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\1bc060be-69ca79b7 Java/Agent.FH trojan (unable to clean) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 Sobered, Angkor. |
26.12.2012, 21:23 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Did you really believe that you just install a scanner and from then on it always finds everything?! Looks OK so far, only one detection in the Java cache; please empty the temp and cache folders with TFC:

TFC - Temp File Cleaner
Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.

Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is the risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there still other detections or problems?
__________________ Please always post logfiles in CODE tags |
14.01.2013, 10:24 | #15 |
| Malwarebytes finds Exploit.Drop.GSA and notice about a €100 payment, encryption trojan Hello Cosinus, and sorry that I haven't been in touch; I was away for a while. And no, so far it looks as if everything is back in order. I have decided to let my careless co-user onto the Internet only via Sandboxie; so far that works. I will implement your further hints; I still have to look into them, though. Regards, Angkor, and a happy new year. Oh, and in the Java Console settings I have now specified that it should no longer keep temporary files on the computer, since I found that the Java viruses that have occurred frequently so far were always in the cache directory. Since then, fingers crossed, no more detections. |