Win7 slow, licensing gone, scanner finds 'Bloodhound.MalPE', Malwarebytes gone... aah! (Windows 7)

20.06.2013, 11:36 | #1
Win7 slow, licensing gone, scanner finds 'Bloodhound.MalPE', Malwarebytes gone... aah!

Hi there, I seem to have a problem with my laptop. It was originally bought with Windows Vista and got an upgrade to Windows 7 in 2009 (one of those special student licence offers).

----------------------------------
Symptoms:

It has been slow for quite a while now (I really should have looked into it earlier).

A few weeks ago my email provider's SMTP server said it was refusing to communicate with my machine because of suspected abuse. After two warnings it stopped responding altogether. I then changed my email password (and noticed that connection encryption was switched off; I switched it on >.<), and after a few days it worked again. That should have made me think.

A few days ago it hung while installing the latest updates (that shouldn't take a whole night), and on reboot it said the authenticity of the copy had not yet been confirmed. It also says 'Windows must be restored. An unauthorised change was made to Windows. You must reinstall or restore Windows system files in order to activate.' There is nowhere to re-enter the product key (only calling Windows works, which I haven't done yet), and System Restore didn't change anything. That state has been stable so far. (Oh, and the desktop background is gone.)

I ran Malwarebytes; it found and removed three things. I would like to post the log file, but I can't find the program any more. It isn't in the Start menu, and its folder only contains text documents, a .dat file, a .msg file, and a folder with language files (.lng). (Am I being stupid, or has it simply vanished? o.O! Only noticing this now..)

Since the day before yesterday or so, the Symantec background virus scanner says it has found 'Bloodhound.MalPE', the first time in C:\program files\mozilla firefox in updater.exe, after that always in C:\Users\test\AppData\Temp in DWH[numbers].tmp. They keep reappearing. I have cut all internet connections.

------------------
AAAaahhhh! I'm slowly getting worried that this is something nastier.. I was planning to reinstall anyway, but I still need a few files that weren't in the last backup, and settings and so on would be nice too.. but I'm afraid the new system will end up looking just like this one. And maybe I need to block my credit card.. I have definitely used it on this machine in the past.. aaaahhhh!

I'd be very grateful for help. (Please help me! )

------------------------------
I ran the programs from the instructions; here are the log files:

Code:
OTL logfile created on: 19.06.2013 23:42:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\test\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 50,57% Memory free
3,75 Gb Paging File | 2,30 Gb Available in Paging File | 61,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,68 Gb Total Space | 9,31 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,08 Gb Free Space | 50,80% Space Free | Partition Type: NTFS
Computer Name: AREA51 | User Name: tarquin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.19 23:36:32 | 000,050,477 | ---- | M] () -- C:\Users\test\Desktop\Defogger.exe
PRC - [2013.06.19 23:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\test\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.23 00:19:31 | 001,855,880 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.03.08 20:12:02 | 000,281,880 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2010.11.20 14:17:46 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slui.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.04.23 01:46:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2010.04.16 22:06:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe PRC - [2010.04.16 22:01:00 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.25 17:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2010.01.25 17:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2013.06.19 23:36:32 | 000,050,477 | ---- | M] () -- C:\Users\test\Desktop\Defogger.exe MOD - [2013.05.23 00:19:30 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.05.16 12:19:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 12:16:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\test\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.16 19:27:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.01.10 18:42:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 18:39:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 18:39:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.10 18:38:20 | 005,453,312 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 18:38:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 18:33:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.12.23 23:28:27 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2012.12.23 23:28:27 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2012.12.23 23:28:27 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2012.12.23 23:28:27 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2012.12.23 23:28:26 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2012.12.23 23:28:26 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2012.12.23 23:28:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2012.12.23 23:28:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2012.12.23 23:28:25 | 001,728,512 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2012.12.23 23:28:24 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2012.12.23 23:28:24 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2012.12.23 23:28:22 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2012.12.23 23:28:21 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2012.12.23 23:28:20 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2012.12.23 23:28:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2012.12.23 23:28:18 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2012.12.23 23:28:17 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2012.12.23 23:28:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2012.12.23 23:28:16 | 000,147,456 | ---- | M] 
() -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2012.12.23 23:28:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2012.12.23 23:28:07 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll MOD - [2012.12.23 23:27:53 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2012.12.23 23:27:52 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:52 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2012.12.23 23:27:46 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:42 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:39 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2012.12.23 23:27:37 | 000,712,704 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:35 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2012.12.23 23:27:32 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2012.12.23 23:27:31 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3693.42498__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2012.12.23 23:27:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2012.12.23 23:27:27 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2012.12.23 23:27:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2012.12.23 23:27:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - 
[2012.12.23 23:27:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2012.12.23 23:27:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2012.12.23 23:27:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2012.12.23 23:27:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2012.12.23 23:27:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2012.12.23 23:27:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2012.12.23 23:27:15 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2012.12.23 23:27:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2012.12.23 23:27:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2012.12.23 23:27:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2012.12.23 23:27:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2012.12.23 23:27:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2012.12.23 23:27:03 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2012.12.23 23:27:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2012.12.23 23:27:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2012.12.23 23:27:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2012.12.23 23:27:01 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2012.12.23 23:27:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2012.12.23 23:27:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2012.12.23 23:27:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2012.12.23 23:27:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2012.12.23 23:27:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2012.12.23 23:27:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2012.12.23 23:27:00 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2012.12.23 23:27:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2012.12.23 23:26:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2012.12.23 23:26:58 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2012.12.23 23:26:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2012.12.23 23:26:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,024,576 | ---- | M] 
() -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2012.12.23 23:26:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2012.12.23 23:26:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2012.12.23 23:26:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2012.12.23 23:26:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2012.12.23 23:26:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2012.12.23 23:26:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2012.12.23 23:26:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2012.12.23 23:26:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012.12.23 23:26:53 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2012.12.23 23:26:53 | 000,024,576 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2012.12.23 23:26:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2012.12.23 23:26:51 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2012.12.23 23:26:50 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012.12.23 23:26:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012.12.23 23:26:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2012.12.23 23:26:50 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012.12.23 23:26:50 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012.12.23 23:26:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012.12.23 23:26:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012.12.23 23:26:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012.12.23 23:26:48 | 000,544,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012.12.23 23:26:48 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012.12.23 23:26:48 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012.12.23 23:26:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012.12.23 23:26:48 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012.12.23 23:26:47 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012.12.23 23:26:44 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2012.12.23 23:26:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2012.12.23 23:26:43 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2012.12.23 23:26:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012.12.23 23:26:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012.12.23 23:26:43 | 000,020,480 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2012.12.23 23:26:42 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll MOD - [2012.12.23 23:26:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2012.12.23 23:26:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\test\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.03.08 20:11:36 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.11.24 14:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Services (SafeList) ========== SRV - [2013.05.28 23:33:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.21 02:23:48 | 000,079,360 | ---- | M] 
(SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012.11.21 02:23:46 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.01.08 09:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.04.23 01:46:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.04.16 22:06:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.04.01 21:47:00 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.02.17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.25 17:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.01.25 17:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013.06.15 10:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130619.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.06.15 10:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130619.002\NAVENG.SYS -- (NAVENG)
DRV - [2013.05.15 09:55:42 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.10.02 23:32:22 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2012.08.08 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.12.26 20:23:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.04.16 22:06:00 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2010.04.16 22:03:00 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010.03.23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.03.08 13:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010.03.08 13:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010.03.08 13:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.28 13:42:00 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009.12.18 16:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.09.03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.09.03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF C5 4C 98 2D A5 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.26 00:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.23 00:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.21 01:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.12.27 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tarquin\AppData\Roaming\mozilla\Extensions
[2010.12.27 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tarquin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.26 21:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tarquin\AppData\Roaming\mozilla\Firefox\Profiles\zw0mz0bl.default\extensions
[2013.05.23 00:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.18 18:01:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.23 00:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.23 00:07:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.01.06 10:46:10 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{465834E8-FAE6-4B7C-A79B-321A2440E36B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dbaa0f7a-110c-11e0-b310-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbaa0f7a-110c-11e0-b310-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dbaa0f7a-110c-11e0-b310-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dbaa0f7a-110c-11e0-b310-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.17 14:16:34 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.06.14 17:29:03 | 000,000,000 | ---D | C] -- C:\Users\tarquin\AppData\Roaming\Malwarebytes
[2013.06.14 17:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.14 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.28 23:33:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013.05.23 00:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2013.06.19 23:41:46 | 000,000,000 | ---- | M] () -- C:\Users\tarquin\defogger_reenable
[2013.06.19 23:09:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 23:09:17 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 23:09:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.17 18:58:35 | 1508,413,440 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 18:21:29 | 000,007,608 | ---- | M] () -- C:\Users\tarquin\AppData\Local\Resmon.ResmonCfg
[2013.06.09 22:34:27 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.09 22:34:27 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.09 22:34:27 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.09 22:34:27 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.23 00:43:49 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.23 00:07:42 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2013.06.19 23:41:46 | 000,000,000 | ---- | C] () -- C:\Users\tarquin\defogger_reenable
[2013.05.23 00:43:49 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.23 00:43:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.23 23:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.21 02:56:53 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.09.26 22:25:10 | 000,000,218 | ---- | C] () -- C:\Users\tarquin\.recently-used.xbel
[2011.07.17 14:25:52 | 000,007,608 | ---- | C] () -- C:\Users\tarquin\AppData\Local\Resmon.ResmonCfg
[2011.07.02 16:21:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.16 17:15:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.05.13 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\avidemux
[2012.05.14 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Blender Foundation
[2012.11.21 02:51:39 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\DassaultSystemes
[2011.06.06 16:55:29 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Dropbox
[2011.09.26 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\inkscape
[2010.12.27 00:34:34 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\IrfanView
[2011.09.01 23:39:11 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Nokia
[2011.11.14 01:42:26 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Notepad++
[2011.09.01 23:36:44 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\PC Suite
[2012.05.13 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Subversion
[2010.12.27 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Thunderbird
[2012.01.20 01:16:04 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\Wireshark
[2011.06.07 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\tarquin\AppData\Roaming\WordToPDF

========== Purity Check ==========

< End of report >
OTL Extras logfile created on: 19.06.2013 23:42:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\test\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 50,57% Memory free
3,75 Gb Paging File | 2,30 Gb Available in Paging File | 61,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,68 Gb Total Space | 9,31 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,08 Gb Free Space | 50,80% Space Free | Partition Type: NTFS

Computer Name: AREA51 | User Name: tarquin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07488535-1279-47B5-8030-77EEE19AA4FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CAFD5C9-1360-41F6-8E14-190DC7188FD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12231ED3-7BEE-4A68-B2C8-2AE000462136}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AFEDF8D-9DC8-4EE6-96D6-8DE29C991218}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DD2E677-6518-4104-9D37-22FD9C4968A4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1DE2D118-A3E2-4517-A9C0-01594FB6A191}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26211CA4-120B-4CF8-86BE-F9FE8A53587E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EACEDFE-54A6-402A-9EC6-B8AEDEB6BFEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{394F36EC-6EDD-420B-9869-A12CD7490CC0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45F82DC3-B785-418E-9E63-3084BBADEF72}" = lport=139 | protocol=6 | dir=in | app=system |
"{4608A937-233F-49E4-8F83-6F4F48D90D9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52FBA192-6702-48DA-BD4B-C7CF9214CEF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55B3EF4E-8EC3-4C10-BF08-EF9B79142246}" = lport=137 | protocol=17 | dir=in | app=system |
"{5864F8EB-CF73-46C6-A43F-AC8B768B78DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{5884443A-3F38-4D4B-B9C3-EE116BE77AED}" = rport=139 | protocol=6 | dir=out | app=system |
"{6BFC66A9-A19D-4809-AF24-18444307AC5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{837754F6-8B5E-41B2-967B-05128B40BBDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8B64A978-3F25-440B-9DB4-64EC035E8285}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9E07C6E5-3402-4F40-80DE-9F7BA3057B99}" = lport=445 | protocol=6 | dir=in | app=system |
"{A37F9AAA-11CE-47D1-ADCA-B7690FB8EDCB}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABFADFF7-8D13-413B-8938-D5D4607B72BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B540951D-79C0-4C85-B2B1-9AAF63B32B7F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BBF87CEE-2830-4DDB-B975-85BFA83566D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C456CC27-2235-4CDA-8473-C5841685B31B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C649805D-8DEA-40B3-88B6-F077ABAC4F1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFD2C9D8-716A-4674-9037-22B8A54132EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D7554076-D657-4E8C-9D1D-DABC0BF89D30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEB61D37-6482-44FD-9413-3DE45B22BBF3}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{E0A7E11F-E78E-4B3F-84B8-66C9E4BCE335}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E564BC5C-E781-4779-8E91-D49652E1D277}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB881DD4-50C7-425E-8312-E84855D38F16}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDACCD1D-6374-403C-8E80-E03E24DFC352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE17987A-E406-4978-A6D4-CCF313E65E48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB006297-829D-4D01-85A5-753768F6F4E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBDBCBC4-BCEF-4465-8794-4FF75F9660A6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C23556-F20B-4C8C-8898-59FD9FAE46FF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0BD7899D-DD90-4548-8005-06FB9EC720F1}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{118371F8-B6D2-471C-B164-0F3551E8BE2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1ACC72AD-B9F2-4ACA-92AF-95FC5B88A2E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D291E9A-45F3-46D9-AA7B-A7F673E79C3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{20CBDC32-1793-4A70-A03A-2C7BA06A4847}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{2135B2A0-34A9-4CE3-AB7F-D60CFD17696D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{230987F6-7DE4-4277-A564-E8FCBB39C290}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{3631510D-E3C6-4F14-B85D-7F51399E1F75}" = protocol=17 | dir=in | app=c:\users\tarquin\appdata\roaming\dropbox\bin\dropbox.exe |
"{369D57C4-3C03-49A4-B05C-672F8216630F}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{38F7156B-F120-4B13-BB61-CFC67DE04E1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B456D28-F5B9-4A4B-9B91-D31282E37F20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41D694C2-EDEB-4A07-A9CB-BA7D8617588E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F2CC053-4FDA-4DB3-8BFE-A64AC3CC8707}" = protocol=6 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{55C676E9-5BDE-4648-9094-5115E5B1F473}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{590F7D29-E1E4-476C-9161-13CED30DF6A1}" = protocol=6 | dir=out | app=system |
"{65F4D0E0-FDDE-42AD-8E29-A05DF67E5768}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D24006C-3B0C-4836-BBA1-CF5466FA69BA}" = protocol=17 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{805A84D2-E2EC-411F-B895-29E5BFDBFE03}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{80EA4134-8A05-4DA1-9830-DB833DED46B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80FC00AD-7ABE-483F-BFBA-553BB49FCD15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8857579D-F5FD-4177-835F-ECF4F1DA0275}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{9227A12B-A2B3-4C02-A6DE-BA90F82BF7D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9B5C6ED1-09C6-41FC-A2E7-CBE7934CD984}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CA8E367-2939-43C4-8D20-0B10F3656E1A}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9EF388D6-80D4-4B4E-8724-46FDC5131F1C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A39111E0-5C6D-431D-BEC9-7C73CD17F4E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4AF2537-A915-4265-969A-E567A494BE18}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{A8F8518F-B09E-4367-B4CA-AFA16FC63F8C}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{BD445A18-A338-499E-BA59-875C016C9CE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA50199D-9AF9-4497-AB30-8F31F9DB87E7}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{CFB472FC-7176-4AE9-BE15-5C629CF27273}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{D87CDD74-20CD-4524-86DF-143820D0C4BC}" = protocol=6 | dir=in | app=c:\users\tarquin\appdata\roaming\dropbox\bin\dropbox.exe |
"{EB0FF289-592E-4AEA-B6B2-A66417913189}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{EFEFD6FE-8944-4DF8-9D11-8CAF41208B45}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{F2D353A5-95F7-4840-85A4-3E84513E1835}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA490609-538A-4A3C-9FFF-E587355DD00C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{03AD40C7-EBFD-4080-88F7-E72F2E0FBCEE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{0716C8F3-022B-439B-9440-E69158949416}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{0D5E5BCB-405E-416D-825B-C5F356328C74}C:\windows.old\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\maple 13\jre\bin\maple.exe |
"TCP Query User{43391501-1CD3-4689-A1D3-5392BDA3BEE4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{81F747AF-67BC-438C-859B-A6106B6B69D8}C:\users\test\appdata\roaming\microsoft\windows\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\users\test\appdata\roaming\microsoft\windows\pidgin\pidgin.exe |
"TCP Query User{9561D289-0A90-41A8-9B8B-19D0F894728B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BD0855D5-5621-455D-99E1-AEDCD423DC80}C:\users\test\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E5FC1BAF-3F8F-4F87-A970-0373ACC0E7BD}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{12BAE7E8-9C70-42D3-B678-0347E5BBA47C}C:\users\test\appdata\roaming\microsoft\windows\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\users\test\appdata\roaming\microsoft\windows\pidgin\pidgin.exe |
"UDP Query User{17C6C6ED-6517-4802-A879-2D09090B6F93}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{32C5A595-C0CC-4D36-AC24-36A82CC990DE}C:\windows.old\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\maple 13\jre\bin\maple.exe |
"UDP Query User{3F3A8422-9DC0-4267-AF7A-C384C1B70AFA}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{67F7F62C-1E6E-447D-8B1E-8DE80364F3E8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{AEED3866-92AB-41A6-823E-975A29C5D234}C:\users\test\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BF5C0B0A-F495-4443-B8E2-6A86396FC348}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{F7DC529C-6052-41A6-AD10-69844C7F5905}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7440N
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.6
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{636625C2-A43F-4149-8E0D-DC01F8280DD8}" = Salford FTN95
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{67C6633B-5A12-4955-A5E4-98D703F9AFA3}" = SolidWorks eDrawings 2011 SP02
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6992A828-6095-4DC1-AE78-90AC32051E16}" = MATLAB(R) Compiler Runtime 7.15
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{9F53C38E-32CB-4914-9A98-5141D8DBD58D}" = TortoiseSVN 1.7.6.22632 (32 bit) "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A51B8787-B1C1-4A24-856C-D79BD4F6ADFC}" = SolidWorks 2011 German Resources "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP02 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anki" = Anki "Blender" = Blender "Braid_is1" = Braid (Version 1.015) 
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender "Firehand Ember Pro" = Firehand Ember Pro "GIMP-2_is1" = GIMP 2.8.0 "Git_is1" = Git version 1.7.9-preview20120201 "GnuPG" = GNU Privacy Guard "GPL Ghostscript" = GPL Ghostscript "Inkscape" = Inkscape 0.48.2 "IrfanView" = IrfanView (remove only) "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Ovi Suite" = Nokia Ovi Suite "Notepad++" = Notepad++ "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a "PyQt GPL v4.8.5 for Python v3.2 (x86)" = PyQt GPL v4.8.5 for Python v3.2 (x86) "SolidWorks Installation Manager 20110-40200-1100-200" = SolidWorks 2011 SP02 "STANDARD" = Microsoft Office Standard 2007 "Super Meat Boy v1.5_is1" = Super Meat Boy v1.5 "TeXnicCenter_is1" = TeXnicCenter Version 2.0 Beta 1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.6.5 "WordToPDF_is1" = WordToPDF 2.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Limbo" = LIMBO ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.06.2013 18:00:48 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:00:48.768]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:01:18 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:01:18.794]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:01:48 | 
Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:01:48.825]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:02:18 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:02:18.856]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:02:48 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:02:48.882]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:03:18 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:03:18.909]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:03:48 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:03:48.935]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:04:18 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:04:18.963]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:04:48 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:04:48.992]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error Error - 19.06.2013 18:05:19 | Computer Name = area51 | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/06/20 00:05:19.019]: [00001972]: GetDeviceIpAddress: GetAddressByName [BRN001BA95CAA27] Error [ System Events ] Error - 16.06.2013 08:41:28 | Computer Name = area51 | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error - 17.06.2013 07:08:47 | Computer Name = area51 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 17.06.2013 13:01:59 | Computer Name = area51 | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. Error - 17.06.2013 13:03:28 | Computer Name = area51 | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Defender" wurde nicht richtig gestartet. Error - 17.06.2013 13:30:42 | Computer Name = area51 | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error - 18.06.2013 02:11:02 | Computer Name = area51 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 18.06.2013 02:11:02 | Computer Name = area51 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 18.06.2013 10:37:35 | Computer Name = area51 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 18.06.2013 15:29:12 | Computer Name = area51 | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error - 18.06.2013 18:58:37 | Computer Name = area51 | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. < End of report >
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-20 12:01:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9120822AS rev.3.CDD 111,79GB Running: gmer_2.1.19163.exe; Driver: C:\Users\tarquin\AppData\Local\Temp\awldrpow.sys ---- System - GMER 2.1 ---- SSDT 85CB2928 ZwAlertResumeThread SSDT 85CB2A08 ZwAlertThread SSDT 85CB04A0 ZwAllocateVirtualMemory SSDT 85C6A810 ZwConnectPort SSDT 85CB2678 ZwCreateMutant SSDT 85CA19E0 ZwCreateThread SSDT 85CAF248 ZwFreeVirtualMemory SSDT 85CB2768 ZwImpersonateAnonymousToken SSDT 85CB2848 ZwImpersonateThread SSDT 85CAFBA8 ZwMapViewOfSection SSDT 85CB2598 ZwOpenEvent SSDT 85CB0570 ZwOpenProcessToken SSDT 85CAF948 ZwOpenThreadToken SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8F6548B0] SSDT 85C76090 ZwResumeThread SSDT 85CAF888 ZwSetContextThread SSDT 85CAFA18 ZwSetInformationProcess SSDT 85CB2FC0 ZwSetInformationThread SSDT 85CB24B8 ZwSuspendProcess SSDT 85CB2B50 ZwSuspendThread SSDT 85CA4818 ZwTerminateProcess SSDT 85CB2C30 ZwTerminateThread SSDT 85CAFAE8 ZwUnmapViewOfSection SSDT 85CAF318 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E879F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC11F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82EC8420 8 Bytes [28, 29, CB, 85, 08, 2A, CB, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EC8438 4 Bytes [A0, 04, CB, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC84D8 4 Bytes [10, A8, C6, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EC8514 4 Bytes [78, 26, CB, 85] .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82EC8548 4 Bytes [E0, 19, CA, 85] .text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93A29000, 0x267978, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{DBAA0F75-110C-11E0-B310-806E6F6E6963} 10316205056 ---- EOF - GMER 2.1 ---- Edited by markise (20.06.2013 at 11:37) Reason: spelling |
20.06.2013, 11:44 | #2 |
/// TB-Ausbilder | No malware infection is visible there, but what you describe practically screams for setting the system up again cleanly.
|
20.06.2013, 11:54 | #3 |
| Phew, that sounds reassuring. Thanks for looking it over.
Do you perhaps know what this is about: the Symantec log with all the Bloodhounds, is that still dangerous? No new ones are appearing at the moment, but I don't trust it yet..
ATTFilter Dateiname,Risiko,Aktion,Risikotyp,Quelladresse,Computer,Benutzer,Status,Aktueller Ablageort,Primäre Aktion,Sekundäre Aktion,Protokolliert von,Aktionsbeschreibung,Datum und Uhrzeit updater.exe,Bloodhound.MalPE,Isoliert,Heuristik,C:\program files\mozilla firefox\,AREA51,SYSTEM,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,17.06.2013 14:16:23 DWH50D.tmp,Bloodhound.MalPE,Nur protokollieren,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,SYSTEM,Nur protokollieren,C:\Users\test\AppData\Local\Temp\,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde nicht geändert.,18.06.2013 08:11:23 DWH50D.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,18.06.2013 08:12:35 DWH6E3A.tmp,Bloodhound.MalPE,Nur protokollieren,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,SYSTEM,Nur protokollieren,C:\Users\test\AppData\Local\Temp\,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde nicht geändert.,19.06.2013 00:54:18 DWH5B6F.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 08:30:09 DWH6E3A.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 08:37:02 DWH8B54.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 18:33:49 
DWH64CD.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 18:34:54 DWH7AAE.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 18:35:58 DWHE724.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 18:36:51 DWHC4D3.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:18:30 DWHF717.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:19:24 DWH7076.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:20:17 DWH2721.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:21:12 DWH8947.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:22:18 DWHD91D.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko 
bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:23:15 DWH18F6.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:24:05 DWH686F.tmp,Bloodhound.MalPE,Isoliert,Heuristik,C:\Users\test\AppData\Local\Temp\,AREA51,test,Infiziert,Isolieren,Von Sicherheitsrisiko bereinigen,Isolieren,Auto-Protect-Scan,Die Datei wurde erfolgreich isoliert.,19.06.2013 23:25:02 |
20.06.2013, 11:56 | #4 |
/// TB-Ausbilder | I wouldn't trust that box any further anyway. But we can take a look at what Combofix tells us: Scan with Combofix
Digital privateers against malware! No help via PM! |
20.06.2013, 12:39 | #5 |
| The machine is really legendarily slow today.. you shouldn't run your computer for 5 years without reinstalling.. >.< Here is the log:
ATTFilter ComboFix 13-06-18.02 - tarquin 20.06.2013 13:08:31.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.764 [GMT 2:00] ausgeführt von:: c:\users\test\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-20 bis 2013-06-20 )))))))))))))))))))))))))))))) . . 2013-06-20 11:21 . 2013-06-20 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-20 11:21 . 2013-06-20 11:21 -------- d-----w- c:\users\boinc_master\AppData\Local\temp 2013-06-17 12:42 . 2013-06-17 12:42 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49E604A7-0B97-4777-96F7-2CCB303E6FAD}\offreg.dll 2013-06-17 12:16 . 2013-06-17 12:30 -------- d-----w- c:\windows\rescache 2013-06-15 11:20 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-14 16:53 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-14 16:53 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-14 16:45 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-06-14 16:45 . 2013-05-17 01:25 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll 2013-06-14 16:45 . 2013-05-17 01:25 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-06-14 16:45 . 2013-05-17 01:25 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-06-14 16:45 . 2013-05-17 01:25 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2013-06-14 16:45 . 
2013-05-17 01:25 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-06-14 16:45 . 2013-05-14 08:40 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-06-14 16:44 . 2013-05-17 01:25 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-06-14 16:44 . 2013-05-17 02:32 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-06-14 16:44 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-06-14 15:59 . 2013-06-14 15:59 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes 2013-06-14 15:29 . 2013-06-14 15:29 -------- d-----w- c:\users\tarquin\AppData\Roaming\Malwarebytes 2013-06-14 15:28 . 2013-06-14 15:28 -------- d-----w- c:\programdata\Malwarebytes 2013-06-14 15:28 . 2013-06-14 16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-12 13:09 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 13:09 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 13:09 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 13:09 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 13:09 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 13:09 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 13:09 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 13:09 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-11 07:55 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49E604A7-0B97-4777-96F7-2CCB303E6FAD}\mpengine.dll 2013-05-28 21:33 . 2013-05-28 21:33 -------- d-----w- c:\windows\system32\Wat 2013-05-22 22:34 . 2013-05-22 22:34 -------- d-----w- c:\program files\Common Files\Java 2013-05-22 22:32 . 2013-05-22 22:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-22 22:31 . 
2013-05-22 22:31 -------- d-----w- c:\program files\Java
2013-05-22 22:07 . 2013-05-11 22:27 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 22:07 . 2013-05-11 22:26 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-05-22 22:07 . 2013-05-11 22:26 170232 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-05-22 22:07 . 2013-05-11 22:26 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-05-22 22:07 . 2013-05-11 22:26 193824 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-05-22 22:07 . 2013-05-11 22:26 117144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-05-22 22:07 . 2010-03-18 16:15 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2013-05-22 22:07 . 2010-03-18 16:15 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2013-05-22 22:07 . 2013-05-11 22:26 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 22:31 . 2012-07-10 20:42 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-22 22:31 . 2011-01-15 13:30 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 22:19 . 2012-12-01 14:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-22 22:19 . 2012-12-01 14:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-10 17:49 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-12-26 19:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 13:45 . 2013-04-23 17:17 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 14:47 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 05:18 . 2013-05-15 14:47 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:14 . 2013-05-15 14:47 2347520 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\tarquin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\tarquin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\tarquin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\tarquin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 262656]
.
c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\tarquin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^tarquin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\tarquin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 22:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 11:45 385856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 22:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 08:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-28 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-08 106656]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AWLDRPOW
*Deregistered* - awldrpow
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\tarquin\AppData\Roaming\Mozilla\Firefox\Profiles\zw0mz0bl.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-20 13:24:20
ComboFix-quarantined-files.txt 2013-06-20 11:24
.
Vor Suchlauf: 22 Verzeichnis(se), 11.089.276.928 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 11.206.115.328 Bytes frei
.
- - End Of File - - 4A593FD997D5FFFF78A028B1DC272542 A36C5E4F47E84449FF07ED3517B43A31 |
20.06.2013, 12:44 | #6 |
/// TB-Ausbilder | If you use Symantec products, you shouldn't be surprised by that.
20.06.2013, 12:44 | #7 |
/// TB-Ausbilder | Fine ... Rename the ComboFix exe to uninstall.exe and run it.
__________________ Digital privateers against malware! No help via PM! |
20.06.2013, 12:50 | #8 |
| >If you use Symantec products, you shouldn't be surprised by that.
Can you recommend something better? I wasn't aware that this could cause problems. :/
>Fine ... Rename the ComboFix exe to uninstall.exe and run it.
ComboFix complains that Symantec is running and says I should switch it off before clicking OK in that window. Symantec itself says it is off. What should I do? Is this supposed to happen? |
20.06.2013, 12:53 | #9 |
/// TB-Ausbilder | That's exactly what I mean ... Ignore the warning.
20.06.2013, 12:57 | #10 |
| "ComboFix has been uninstalled." What did it delete there? (I mean the thing in the log file, not ComboFix itself.)
Last edited by markise (20.06.2013 at 13:19). Reason: clarification |
20.06.2013, 13:33 | #11 |
/// TB-Ausbilder | Please understand that, given the high volume of cleanups we carry out here, we usually cannot also provide a detailed analysis of the situation.
20.06.2013, 14:11 | #12 |
| All right, sorry about that. That you offer this at all is already incredible. Can I now consider the machine clean enough to pull the data off it and reinstall it from scratch? |
20.06.2013, 16:59 | #13 |
/// TB-Ausbilder | Yes, you are "clean".
20.06.2013, 17:13 | #14 |
| Many thanks for your time and effort!! You are heroes of the internet. |
20.06.2013, 17:13 | #15 |
/// TB-Ausbilder | Glad we could help. This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this area here: Lob, Kritik und Wünsche - Trojaner-Board