Log Analysis and Evaluation: Windows 7: GData Antivirus client, Taskmgr and some *.exe files no longer start
24.04.2014, 21:14 | #1
Windows 7 GData Antivirus client, Taskmgr and some *.exe files no longer start

Good evening, and many thanks in advance for your efforts. For a short while now my GData AntivirusClient has no longer been working (service no longer found); Taskmgr could not be opened. Uninstalled GData and reinstalled it: no change. Then removed it again with AVCleaner, without reinstalling. I was able to fix the Task Manager problem with Spybot S&D. Its scan found no trojan, only registry changes (see log). The current Windows Malicious Software Removal Tool also found nothing. I nevertheless ran the rootkit check according to your instructions. Attached are the logs, with the request for feedback on whether the rootkits are harmless. I hope I haven't done anything wrong.

Regards
Samos

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Ver****2 at 2014-04-24 20:47:43
Running from C:\Users\Ver***2.HV-*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: G Data AntiVirus (Disabled - Out of date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data AntiVirus (Disabled - Out of date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0218.1838.33398 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0218.1838.33398 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help English (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help French (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help German (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0218.1837.33398 - ATI) Hidden
ccc-utility64 (Version: 2011.0218.1838.33398 - ATI) Hidden
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Depends (HKLM-x32\...\{0186DCDD-46DA-4554-8850-74A6557737B7}) (Version: 1.00.0000 - GFAD Systemhaus AG)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
HausSoft (HKLM-x32\...\InstallShield_{BE8FCB8D-4F99-4793-ADEB-0A596AFE15F5}) (Version: 3.2.286 - GFAD Systemhaus AG)
HausSoft (x32 Version: 3.2.286 - GFAD Systemhaus AG) Hidden
HiPath TAPI 120 SP V2 (HKLM\...\{42C95128-4207-4516-B4FF-12DBDADC58E0}) (Version: 2.0.64.0000 - Siemens Enterprise Communications GmbH & Co. KG)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell)
Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0 - Dell) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.25.2 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Sharpdesk (HKLM-x32\...\{2A30AFBD-6DA5-499F-A83B-7CB2DFF21C23}) (Version: 3.3 - SHARP CORPORATION)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
xp-AntiSpy 3.98 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-12-28 22:38 - 00000847 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.250 fritz.box

==================== Scheduled Tasks (whitelisted) =============

Task: {303D08FE-C036-4620-BC1A-561F7F752909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {607636D0-68FD-4C5C-8C4E-E2C0457337F8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {A93B82D0-91E2-40DE-B5DF-EA2510E9611F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C9F4FDEC-851B-40FC-86AA-B44CFECCAAFD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 09:08 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2011-12-28 22:28 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\System32\pcwum.DLL
2011-02-18 20:36 - 2011-02-18 20:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 18:12 - 2010-08-26 18:12 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-17 10:38 - 2014-02-17 10:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-11-28 10:44 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-18 20:43 - 2013-12-18 20:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2011-04-19 15:06 - 2011-04-19 15:06 - 00006144 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\discoveryps.dll
2011-04-19 15:18 - 2011-04-19 15:18 - 00930304 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\SCprMfpif.dll
2014-04-24 19:38 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-24 19:38 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-24 19:38 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-24 19:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-31 11:07 - 2014-03-31 11:07 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GFAD PhoneCenter.lnk => C:\Windows\pss\GFAD PhoneCenter.lnk.CommonStartup
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

==================== Faulty Device Manager Devices =============

Name: GDBehave
Description: GDBehave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDBehave
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: GDMnIcpt
Description: GDMnIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDMnIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HookCentre
Description: HookCentre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HookCentre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts. 0xD0000022 6.1.7601.17514

Error: (04/24/2014 07:30:57 PM) (Source: Winlogon) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.

Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller) (User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.

Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1) (User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:03:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: O990-A18.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c25d
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xO990-A18.exe0
Pfad der fehlerhaften Anwendung: O990-A18.exe1
Pfad des fehlerhaften Moduls: O990-A18.exe2
Berichtskennung: O990-A18.exe3

Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/24/2014 07:39:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/24/2014 07:39:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (04/24/2014 07:33:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5

Error: (04/24/2014 07:20:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:20:33 PM) (Source: DCOM) (User: )
Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (04/24/2014 07:19:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:19:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (04/24/2014 07:19:14 PM) (Source: DCOM) (User: )
Description: 1075AVKWCtl-Service{BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/24/2014 07:17:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Dateisystem Wächter erreicht.

Microsoft Office Sessions:
=========================
Error: (04/24/2014 07:33:41 PM) (Source: Software Protection Platform Service)(User: )
Description: 0xD00000226.1.7601.17514

Error: (04/24/2014 07:30:57 PM) (Source: Winlogon)(User: )
Description:

Error: (04/24/2014 07:20:49 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:20:26 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:19:59 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:19:32 PM) (Source: MsiInstaller)(User: HV-*****)
Description: Produkt: G Data Security Client -- Fehler 1316. Beim Versuch, die Datei C:\Windows\Installer\setup.msi zu lesen, ist ein Netzwerkfehler aufgetreten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 07:18:46 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:05:18 PM) (Source: NSSDK.MfpifValidator.1)(User: )
Description: Das Gerät mit der IP-Nummer 192.168.1.22 ist nicht im Netzwerk erreichbar. (0x8215110b)

Error: (04/24/2014 07:03:42 PM) (Source: Application Error)(User: )
Description: O990-A18.exe0.0.0.000000000unknown0.0.0.000000000c00000050004c25ddd801cf5fdf24eb1578C:\Users\Administrator\Desktop\O990-A18.exeunknown62af6bb0-cbd2-11e3-a96b-180373d14ab5

Error: (04/24/2014 07:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-04-24 20:45:22.193
Description: N/A

Date: 2014-04-09 18:46:30.995
Description: N/A

Date: 2014-04-09 18:31:04.358
Description: N/A

Date: 2014-04-01 13:30:10.117
Description: N/A

Date: 2014-04-01 13:30:10.068
Description: N/A

Date: 2014-03-14 18:01:06.574
Description: N/A

Date: 2014-03-14 17:44:26.841
Description: N/A

Date: 2014-02-23 01:38:25.578
Description: N/A

Date: 2014-02-22 21:15:52.779
Description: N/A

Date: 2014-02-22 21:07:28.356
Description: N/A

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 8149.02 MB
Available physical RAM: 4793.55 MB
Total Pagefile: 16296.21 MB
Available Pagefile: 12775.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.8 GB) (Free:200.3 GB) NTFS
Drive d: (Reichelt-***** ) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive f: (Daten_NEU) (Network) (Total:220 GB) (Free:135.67 GB) NTFS
Drive p: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive q: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS
Drive z: (Daten) (Network) (Total:209.17 GB) (Free:56.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CDFC01C4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by ver*****2 (administrator) on ver*****2-PC on 24-04-2014 20:47:28
Running from C:\Users\ver*****2.HV-*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Dell) C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
(Microsoft Corporation) c:\bdc9a445550166d881531b7900f0\mrtstub.exe
(Microsoft Corporation) C:\Windows\system32\MRT.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [820224 2011-04-19] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Run: [DellSystemDetect] => C:\Users\ver*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceClassicControlPanel] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: E - E:\ting.exe
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\MountPoints2: {15e0ae4c-7b37-11e2-98c5-180373d14ab5} - E:\ting.exe
HKU\S-1-5-21-2524561109-972703396-2741487341-500\...\Run: [DellSystemDetect] => C:\Users\Administrator\AppData\Local\Apps\2.0\ZK1WEW81.OA3\QQ2CXO32.WD4\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)
Startup: C:\Users\ver*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GFAD PhoneCenter.lnk
ShortcutTarget: GFAD PhoneCenter.lnk -> C:\Program Files (x86)\GFAD\PhoneCenter\gPhoneCenter.exe (GFAD Systemhaus AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0A199814-C811-40F1-B5C7-860B46557B13} URL =
SearchScopes: HKCU - {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - No File
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Hosts: 192.168.1.250 fritz.box
Tcpip\..\Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: [NameServer]192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-26]
FF Extension: FRITZ!Box AddOn - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: WOT - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\ver*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28]

==================== Services (Whitelisted) =================

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 syshost32; C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe [89600 2014-04-01] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 AVKWCtl; "C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe" [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:44 - 2014-04-24 20:45 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:38 - 2014-04-24 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:11 - 2014-04-24 20:17 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:55 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:49 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-24 20:47 - 2014-04-24 20:47 - 00015212 _____ () C:\Users\ver*****2.HV-*****\Desktop\FRST.txt
2014-04-24 20:47 - 2014-04-24 20:47 - 00000000 ____D () C:\FRST
2014-04-24 20:46 - 2014-04-24 20:46 - 02061824 _____ (Farbar) C:\Users\ver*****2.HV-*****\Desktop\FRST64.exe
2014-04-24 20:45 - 2014-04-24 20:45 - 00000484 _____ () C:\Users\ver*****2.HV-*****\Desktop\defogger_disable.log
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\ver*****2.HV-*****\defogger_reenable
2014-04-24 20:45 - 2014-04-24 20:44 - 00050477 _____ () C:\Users\ver*****2.HV-*****\Desktop\Defogger.exe
2014-04-24 20:45 - 2011-12-05 19:38 - 00000000 ____D () C:\Users\ver*****2.HV-*****
2014-04-24 20:38 - 2012-07-16 16:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 20:17 - 2014-04-24 19:11 - 00002192 ____H () C:\Users\ver*****2.HV-*****\Documents\Default.rdp
2014-04-24 19:45 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:42 - 2014-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-24 19:38 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 19:38 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 19:36 - 2014-04-24 19:36 - 00613200 _____ (Chip Digital GmbH) C:\Users\ver*****2.HV-*****\Desktop\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-24 19:35 - 2011-11-28 10:30 - 01191531 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 19:24 - 2014-04-24 19:24 - 26747104 _____ (Microsoft Corporation) C:\Users\ver*****2.HV-*****\Desktop\Windows-KB890830-x64-V5.11.exe
2014-04-24 19:24 - 2014-04-24 19:24 - 00000000 ____D () C:\bdc9a445550166d881531b7900f0
2014-04-24 19:21 - 2011-12-05 19:28 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-04-24 19:19 - 2012-04-22 18:46 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-24 19:18 - 2011-12-05 19:36 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-24 19:17 - 2011-12-05 19:33 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\G DATA
2014-04-24 19:17 - 2011-12-05 19:28 - 00000000 ____D () C:\ProgramData\G Data
2014-04-24 19:16 - 2014-04-24 19:16 - 00411144 _____ () C:\Users\ver*****2.HV-*****\Desktop\AVCleaner.exe
2014-04-24 19:16 - 2014-04-24 19:16 - 00094200 _____ (G Data Software AG) C:\Users\ver*****2.HV-*****\Desktop\svchost.exe
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 19:05 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-04-24 19:05 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-04-24 19:05 - 2009-07-14 07:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 19:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 19:01 - 2009-07-14 06:51 - 00072016 _____ () C:\Windows\setupact.log
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:56 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 18:56 - 2011-12-05 18:39 - 00000000 ____D () C:\Users\Administrator
2014-04-24 18:56 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-24 18:55 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\A18 Bios
2014-04-24 18:53 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Local\Deployment
2014-04-24 18:52 - 2014-04-24 18:52 - 02087752 _____ (Dell Inc) C:\Users\ver*****2.HV-*****\Desktop\aulauncher.exe
2014-04-24 18:51 - 2011-11-28 10:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-04-24 18:50 - 2014-02-22 21:59 - 00000000 ____D () C:\ProgramData\dell
2014-04-24 18:49 - 2014-04-24 18:49 - 00000000 ____D () C:\Users\ver*****2.HV-*****\Desktop\Chipsatz
2014-04-23 15:29 - 2012-01-02 11:25 - 00000000 ____D () C:\Users\ver*****2.HV-*****\AppData\Roaming\.oit
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-15 09:03 - 2010-11-21 05:47 - 00281774 _____ () C:\Windows\PFRO.log
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:48 - 2011-12-05 18:38 - 00004666 __RSH () C:\Users\ver*****2.HV-*****\ntuser.pol
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-04-02 09:33 - 2012-07-09 10:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:30 - 2014-04-01 13:30 - 00077776 _____ () C:\Windows\system32\Drivers\1cbccdb6771da47b.sys
2014-04-01 13:04 - 2014-02-22 21:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-31 03:51 - 2011-12-05 19:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-04-09 17:48

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:45 on 24/04/2014 (****2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 21:43:54
Windows 6.1.7601 Service Pack 1 x64
Running: Gmer-19357.exe

---- Services - GMER 2.1 ----

Service  System32\Drivers\1cbccdb6771da47b.sys (*** hidden *** )  [BOOT] 1cbccdb6771da47b  <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ImagePath  \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ErrorControl  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Tag  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ImagePath  \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@ErrorControl  0
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Type  1
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Start  0
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@Tag  1
Reg  HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@DisplayName  syshost.exe

---- EOF - GMER 2.1 ----

Code:
Search results from Spybot - Search & Destroy
24.04.2014 21:13:42
Scan took 00:13:55.
47 items found.

DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\lastPID
DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\OCS\PID
Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
Microsoft.Windows.System: [SBI $7F8E43F4] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Ver******2 (default)) (Browser: Cookie, nothing done)
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Imaging: [SBI $39A58B51] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Kodak\Imaging\Recent File List
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $8390E60B] Network map history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1829681468-3325977407-3042191813-1143\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2524561109-972703396-2741487341-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (29) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (4) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (10505) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (99) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
|
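The GMER findings in this post carry several independent indicators at once: a service hidden from normal enumeration, a 16-hex-digit service name, a boot-start entry in the Boot Bus Extender group, and a DisplayName of syshost.exe on what is a kernel driver (Type 1). As an added example that is not part of the original post or of GMER itself, the Python script below parses GMER Service/Reg lines and scores those indicators; the sample lines are taken from the log above, while the pci entry is a constructed comparison case showing that boot start alone does not make a driver suspicious.

```python
"""Triage of GMER 'Services' / 'Registry' lines (added example; not GMER's own code)."""
import re
from dataclasses import dataclass, field

# Sample input: the GMER lines from the log in this thread (service name and values as posted).
SAMPLE_GMER = r"""
---- Services - GMER 2.1 ----
Service System32\Drivers\1cbccdb6771da47b.sys (*** hidden *** ) [BOOT] 1cbccdb6771da47b <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@ImagePath \SystemRoot\System32\Drivers\1cbccdb6771da47b.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\1cbccdb6771da47b
Reg HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b@DisplayName syshost.exe
"""

# Constructed comparison case (not from the page): how a legitimate boot-start bus driver
# would look in the same format. Boot start alone must not produce a "suspicious" verdict.
BENIGN_SAMPLE = r"""
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@ImagePath \SystemRoot\System32\drivers\pci.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@DisplayName PCI Bus Driver
"""

# "Service <image> (<flags>) [<start>] <name> ..." as GMER prints hidden services.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)")
# "Reg HKLM\SYSTEM\<controlset>\services\<name>[@<value> <data>]"
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\services\\(?P<name>[^@\s]+)"
    r"(?:@(?P<value>\S+)\s*(?P<data>.*))?\s*$", re.IGNORECASE)
HEX16_RE = re.compile(r"^[0-9a-f]{16}$", re.IGNORECASE)
KERNEL_DRIVER_TYPES = {"1", "2"}  # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
STRONG = {"hidden", "random-hex-name", "random-hex-imagepath", "displayname-exe-for-kernel-driver"}


@dataclass
class ServiceEntry:
    name: str
    hidden: bool = False
    image: str = ""
    values: dict = field(default_factory=dict)


def parse_gmer(text):
    """Collect one ServiceEntry per service name from GMER Service/Reg lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.hidden = "hidden" in m["flags"].lower()
            e.image = m["image"]
            continue
        m = REG_RE.match(line)
        if m and m["value"]:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            # CurrentControlSet is authoritative; ControlSet00N only fills in gaps.
            if m["cs"].lower() == "currentcontrolset" or m["value"] not in e.values:
                e.values[m["value"]] = (m["data"] or "").strip()
    return entries


def assess(e):
    """Return the list of indicators that fire for one service entry."""
    ind = []
    v = e.values
    if e.hidden:
        ind.append("hidden")  # present in registry/on disk but not visible to normal enumeration
    if HEX16_RE.match(e.name):
        ind.append("random-hex-name")  # 16 hex digits instead of a vendor-style name
    if v.get("Group", "").lower() == "boot bus extender" and v.get("Start") == "0":
        ind.append("boot-bus-extender-start0")  # loads before AV/filter drivers; legit for pci etc.
    if v.get("Type") in KERNEL_DRIVER_TYPES and v.get("DisplayName", "").lower().endswith(".exe"):
        ind.append("displayname-exe-for-kernel-driver")  # a .sys driver named like syshost.exe
    base = (v.get("ImagePath") or e.image).replace("\\", "/").rsplit("/", 1)[-1]
    if HEX16_RE.match(base.rsplit(".", 1)[0]):
        ind.append("random-hex-imagepath")
    return ind


def verdict(indicators):
    """Strong indicators alone justify escalation; context-only hits just need a look."""
    if any(i in STRONG for i in indicators):
        return "suspicious"
    return "review" if indicators else "clean"


def triage(text):
    return {name: assess(e) for name, e in parse_gmer(text).items()}


if __name__ == "__main__":
    for sample in (SAMPLE_GMER, BENIGN_SAMPLE):
        for name, ind in triage(sample).items():
            print(f"{name:18} {verdict(ind):10} {', '.join(ind) or '-'}")
```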
24.04.2014, 21:23 | #2 |
| I'm working on your thread and will get back to you as soon as possible with further instructions. Thank you for your patience |
25.04.2014, 10:12 | #3 |
| Many thanks mort, I have just additionally noticed that Windows Update is not working. The service "Windows Update" has disappeared from services.msc.
Hello mort, the registry entries that were found with ADWCleaner are back after every reboot. The entries found by GMER cannot be deleted/disabled. After consulting an admin friend, there is no way around reinstalling the system. I therefore ask you to close my case, and thank you for your time and effort! All the best! Regards Samos |
25.04.2014, 12:30 | #4 | |
| Hello Samos, I will help you clean up the computer.
If you haven't formatted yet, you are welcome to continue here. Quote:
Step 1 Please download TDSSKiller.exe and save the file to the desktop
|
25.04.2014, 15:16 | #5 |
| Hello mort, many thanks for the solution!!! Only the recommended TDSSKiller was able to remove the infection (ADWCleaner, for example, could not). On the first scan pass an infection was detected (Log 1); after the reboot I ran the scan again (this time with everything checked) and "Rootkit.Win32.Necurs.gen" was found twice and removed (Log 2). Since then everything is working perfectly again! I am very grateful to you because I saved a lot of time that reinstalling the system would have cost! Have a nice weekend Samos Code:
15:26:44.0067 0x0b74 TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
15:26:44.0379 0x0b74 ============================================================
15:26:44.0379 0x0b74 Current date / time: 2014/04/25 15:26:44.0379
15:26:44.0379 0x0b74 SystemInfo:
15:26:44.0379 0x0b74
15:26:44.0379 0x0b74 OS Version: 6.1.7601 ServicePack: 1.0
15:26:44.0379 0x0b74 Product type: Workstation
15:26:44.0379 0x0b74 ComputerName:
15:26:44.0379 0x0b74 UserName:
15:26:44.0379 0x0b74 Windows directory: C:\Windows
15:26:44.0379 0x0b74 System windows directory: C:\Windows
15:26:44.0379 0x0b74 Running under WOW64
15:26:44.0379 0x0b74 Processor architecture: Intel x64
15:26:44.0379 0x0b74 Number of processors: 8
15:26:44.0379 0x0b74 Page size: 0x1000
15:26:44.0379 0x0b74 Boot type: Normal boot
15:26:44.0379 0x0b74 ============================================================
15:26:44.0410 0x0b74 BG loaded
15:26:47.0514 0x0b74 System UUID: {47825797-1968-70A5-E70A-EB250F488D52}
15:26:48.0341 0x0b74 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:48.0357 0x0b74 ============================================================
15:26:48.0357 0x0b74 \Device\Harddisk0\DR0:
15:26:48.0372 0x0b74 MBR partitions:
15:26:48.0372 0x0b74 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000
15:26:48.0372 0x0b74 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x23B9A000
15:26:48.0372 0x0b74 ============================================================
15:26:48.0450 0x0b74 C: <-> \Device\Harddisk0\DR0\Partition2
15:26:48.0450 0x0b74 ============================================================
15:26:48.0450 0x0b74 Initialize success
15:26:48.0450 0x0b74 ============================================================
15:26:58.0080 0x0cc4 ============================================================
15:26:58.0080 0x0cc4 Scan started
15:26:58.0080 0x0cc4 Mode: Manual;
15:26:58.0080 0x0cc4 ============================================================
15:26:58.0080 0x0cc4 KSN ping started
15:27:01.0310 0x0cc4 KSN ping finished: true
15:27:03.0509 0x0cc4 ================ Scan system memory ========================
15:27:03.0509 0x0cc4 System memory - ok
15:27:03.0509 0x0cc4 ================ Scan services =============================
15:27:04.0991 0x0cc4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:27:04.0991 0x0cc4 1394ohci - ok
15:27:05.0007 0x0cc4 Suspicious service (NoAccess): 1cbccdb6771da47b
15:27:05.0116 0x0cc4 [ 039015F79A88101FB4D195583DDAA964, 5C885D57B0B8EC27C83650EE15703CDACEA9E25410679BF4BB3DC04A51BE5325 ] 1cbccdb6771da47b C:\Windows\System32\Drivers\1cbccdb6771da47b.sys
15:27:05.0116 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\1cbccdb6771da47b.sys. md5: 039015F79A88101FB4D195583DDAA964, sha256: 5C885D57B0B8EC27C83650EE15703CDACEA9E25410679BF4BB3DC04A51BE5325
15:27:05.0178 0x0cc4 1cbccdb6771da47b - detected Rootkit.Win32.Necurs.gen ( 0 )
15:27:07.0674 0x0cc4 1cbccdb6771da47b ( Rootkit.Win32.Necurs.gen ) - infected
15:27:07.0674 0x0cc4 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\1cbccdb6771da47b.sys
15:27:10.0202 0x0cc4 Object send P2P result: true
15:27:13.0946 0x0cc4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:27:13.0961 0x0cc4 ACPI - ok
15:27:13.0992 0x0cc4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:27:14.0008 0x0cc4 AcpiPmi - ok
15:27:14.0304 0x0cc4 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:27:14.0304 0x0cc4 AdobeARMservice - ok
15:27:14.0788 0x0cc4 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:27:14.0819 0x0cc4 AdobeFlashPlayerUpdateSvc - ok
15:27:14.0866 0x0cc4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:27:14.0882 0x0cc4 adp94xx - ok
15:27:14.0928 0x0cc4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:27:14.0944 0x0cc4 adpahci - ok
15:27:15.0053 0x0cc4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:27:15.0053 0x0cc4 adpu320 - ok
9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 15:27:25.0100 0x0cc4 fdc - ok 15:27:25.0115 0x0cc4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 15:27:25.0115 0x0cc4 fdPHost - ok 15:27:25.0131 0x0cc4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 15:27:25.0131 0x0cc4 FDResPub - ok 15:27:25.0162 0x0cc4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:27:25.0162 0x0cc4 FileInfo - ok 15:27:25.0178 0x0cc4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:27:25.0178 0x0cc4 Filetrace - ok 15:27:25.0178 0x0cc4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:27:25.0178 0x0cc4 flpydisk - ok 15:27:25.0193 0x0cc4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:27:25.0209 0x0cc4 FltMgr - ok 15:27:25.0334 0x0cc4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 15:27:25.0349 0x0cc4 FontCache - ok 15:27:25.0458 0x0cc4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:27:25.0458 0x0cc4 FontCache3.0.0.0 - ok 15:27:25.0490 0x0cc4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends 
C:\Windows\system32\drivers\FsDepends.sys 15:27:25.0505 0x0cc4 FsDepends - ok 15:27:25.0536 0x0cc4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:27:25.0536 0x0cc4 Fs_Rec - ok 15:27:25.0583 0x0cc4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:27:25.0583 0x0cc4 fvevol - ok 15:27:25.0599 0x0cc4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:27:25.0599 0x0cc4 gagp30kx - ok 15:27:25.0599 0x0cc4 GDBehave - ok 15:27:25.0614 0x0cc4 GDMnIcpt - ok 15:27:25.0661 0x0cc4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 15:27:25.0677 0x0cc4 gpsvc - ok 15:27:25.0692 0x0cc4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:27:25.0692 0x0cc4 hcw85cir - ok 15:27:25.0724 0x0cc4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:27:25.0724 0x0cc4 HDAudBus - ok 15:27:25.0724 0x0cc4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:27:25.0724 0x0cc4 HidBatt - ok 15:27:25.0739 0x0cc4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:27:25.0739 0x0cc4 HidBth - ok 15:27:25.0770 0x0cc4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 15:27:25.0770 0x0cc4 HidIr - ok 15:27:25.0786 
0x0cc4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 15:27:25.0802 0x0cc4 hidserv - ok 15:27:25.0833 0x0cc4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 15:27:25.0833 0x0cc4 HidUsb - ok 15:27:25.0848 0x0cc4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:27:25.0848 0x0cc4 hkmsvc - ok 15:27:25.0864 0x0cc4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:27:25.0880 0x0cc4 HomeGroupListener - ok 15:27:25.0895 0x0cc4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:27:25.0895 0x0cc4 HomeGroupProvider - ok 15:27:25.0926 0x0cc4 [ 4CA17EE22B340DE8B85F6CEB3445E6DB, EE9D30CCDC80C16DA25F8054CF152586A3CCBACF2EEBE279C3BF7175D15375BB ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 15:27:25.0926 0x0cc4 HookCentre - ok 15:27:25.0958 0x0cc4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:27:25.0958 0x0cc4 HpSAMD - ok 15:27:25.0989 0x0cc4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:27:26.0004 0x0cc4 HTTP - ok 15:27:26.0020 0x0cc4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:27:26.0020 0x0cc4 hwpolicy - ok 15:27:26.0051 0x0cc4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt 
C:\Windows\system32\DRIVERS\i8042prt.sys 15:27:26.0051 0x0cc4 i8042prt - ok 15:27:26.0082 0x0cc4 [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\Windows\system32\drivers\iaStor.sys 15:27:26.0098 0x0cc4 iaStor - ok 15:27:26.0160 0x0cc4 [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:27:26.0160 0x0cc4 IAStorDataMgrSvc - ok 15:27:26.0176 0x0cc4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:27:26.0192 0x0cc4 iaStorV - ok 15:27:26.0363 0x0cc4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:27:26.0410 0x0cc4 idsvc - ok 15:27:26.0426 0x0cc4 IEEtwCollectorService - ok 15:27:26.0441 0x0cc4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:27:26.0457 0x0cc4 iirsp - ok 15:27:26.0504 0x0cc4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 15:27:26.0519 0x0cc4 IKEEXT - ok 15:27:26.0597 0x0cc4 [ 19F9D8F7C996D5AE22E913491C912009, 1E733E34F2D39203216F3542F1A5818F3EA21CE51F434FE3B255CB6BF0B048FC ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys 15:27:26.0597 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTDVHD64.sys. 
md5: 19F9D8F7C996D5AE22E913491C912009, sha256: 1E733E34F2D39203216F3542F1A5818F3EA21CE51F434FE3B255CB6BF0B048FC 15:27:26.0597 0x0cc4 IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 ) 15:27:29.0000 0x0cc4 Detect skipped due to KSN trusted 15:27:29.0000 0x0cc4 IntcAzAudAddService - ok 15:27:29.0031 0x0cc4 [ D7B978F4504D3DA95A21002863D0E7EE, 17B4B4F9334EF874FF7DF30C63D4541142DD0324F842050AC755B170F46C3159 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe 15:27:29.0031 0x0cc4 Intel(R) PROSet Monitoring Service - ok 15:27:29.0062 0x0cc4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 15:27:29.0062 0x0cc4 intelide - ok 15:27:29.0109 0x0cc4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:27:29.0109 0x0cc4 intelppm - ok 15:27:29.0156 0x0cc4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:27:29.0171 0x0cc4 IPBusEnum - ok 15:27:29.0187 0x0cc4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:27:29.0187 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. 
md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 15:27:29.0187 0x0cc4 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 ) 15:27:31.0589 0x0cc4 Detect skipped due to KSN trusted 15:27:31.0589 0x0cc4 IpFilterDriver - ok 15:27:32.0057 0x0cc4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:27:32.0073 0x0cc4 iphlpsvc - ok 15:27:32.0120 0x0cc4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:27:32.0120 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 15:27:32.0120 0x0cc4 IPMIDRV - detected LockedFile.Multi.Generic ( 1 ) 15:27:34.0584 0x0cc4 Detect skipped due to KSN trusted 15:27:34.0584 0x0cc4 IPMIDRV - ok 15:27:34.0694 0x0cc4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:27:34.0694 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E 15:27:34.0694 0x0cc4 IPNAT - detected LockedFile.Multi.Generic ( 1 ) 15:27:37.0096 0x0cc4 Detect skipped due to KSN trusted 15:27:37.0096 0x0cc4 IPNAT - ok 15:27:37.0704 0x0cc4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:27:37.0704 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. 
md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE 15:27:37.0704 0x0cc4 IRENUM - detected LockedFile.Multi.Generic ( 1 ) 15:27:40.0169 0x0cc4 Detect skipped due to KSN trusted 15:27:40.0169 0x0cc4 IRENUM - ok 15:27:40.0278 0x0cc4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:27:40.0278 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 15:27:40.0278 0x0cc4 isapnp - detected LockedFile.Multi.Generic ( 1 ) 15:27:42.0743 0x0cc4 Detect skipped due to KSN trusted 15:27:42.0743 0x0cc4 isapnp - ok 15:27:42.0837 0x0cc4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:27:42.0837 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 15:27:42.0837 0x0cc4 iScsiPrt - detected LockedFile.Multi.Generic ( 1 ) 15:27:45.0317 0x0cc4 Detect skipped due to KSN trusted 15:27:45.0317 0x0cc4 iScsiPrt - ok 15:27:45.0411 0x0cc4 [ 6C85719A21B3F62C2C76280F4BD36C7B, 471E333467937720EF9369419EEDE5C2246C976123B437E0AC66F394CF1C056A ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 15:27:45.0426 0x0cc4 jhi_service - ok 15:27:45.0473 0x0cc4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:27:45.0473 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. 
md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 15:27:45.0473 0x0cc4 kbdclass - detected LockedFile.Multi.Generic ( 1 ) 15:27:47.0875 0x0cc4 Detect skipped due to KSN trusted 15:27:47.0875 0x0cc4 kbdclass - ok 15:27:47.0875 0x0cc4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:27:47.0875 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 15:27:47.0875 0x0cc4 kbdhid - detected LockedFile.Multi.Generic ( 1 ) 15:27:50.0979 0x0cc4 Detect skipped due to KSN trusted 15:27:50.0979 0x0cc4 kbdhid - ok 15:27:51.0010 0x0cc4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe 15:27:51.0010 0x0cc4 KeyIso - ok 15:27:51.0072 0x0cc4 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:27:51.0072 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A 15:27:51.0072 0x0cc4 KSecDD - detected LockedFile.Multi.Generic ( 1 ) 15:27:53.0535 0x0cc4 Detect skipped due to KSN trusted 15:27:53.0535 0x0cc4 KSecDD - ok 15:27:53.0551 0x0cc4 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:27:53.0551 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. 
md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD 15:27:53.0551 0x0cc4 KSecPkg - detected LockedFile.Multi.Generic ( 1 ) 15:27:55.0952 0x0cc4 Detect skipped due to KSN trusted 15:27:55.0952 0x0cc4 KSecPkg - ok 15:27:55.0983 0x0cc4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:27:55.0983 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B 15:27:55.0983 0x0cc4 ksthunk - detected LockedFile.Multi.Generic ( 1 ) 15:27:58.0446 0x0cc4 Detect skipped due to KSN trusted 15:27:58.0446 0x0cc4 ksthunk - ok 15:27:58.0680 0x0cc4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 15:27:58.0696 0x0cc4 KtmRm - ok 15:27:58.0742 0x0cc4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:27:58.0742 0x0cc4 LanmanServer - ok 15:27:58.0758 0x0cc4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:27:58.0758 0x0cc4 LanmanWorkstation - ok 15:27:58.0789 0x0cc4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:27:58.0789 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. 
md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C 15:27:58.0789 0x0cc4 lltdio - detected LockedFile.Multi.Generic ( 1 ) 15:28:01.0268 0x0cc4 Detect skipped due to KSN trusted 15:28:01.0268 0x0cc4 lltdio - ok 15:28:01.0299 0x0cc4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:28:01.0315 0x0cc4 lltdsvc - ok 15:28:01.0346 0x0cc4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:28:01.0346 0x0cc4 lmhosts - ok 15:28:01.0408 0x0cc4 [ 713B289020B0C72DBAE93EB1EC79B28B, D15713E72D22D183C4AF7B75E74AF3F82F946C7B2AA841DB2B49D88FEF7C5853 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:28:01.0424 0x0cc4 LMS - ok 15:28:01.0455 0x0cc4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:28:01.0455 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B 15:28:01.0455 0x0cc4 LSI_FC - detected LockedFile.Multi.Generic ( 1 ) 15:28:03.0918 0x0cc4 Detect skipped due to KSN trusted 15:28:03.0918 0x0cc4 LSI_FC - ok 15:28:03.0934 0x0cc4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:28:03.0934 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas.sys. 
md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B 15:28:03.0934 0x0cc4 LSI_SAS - detected LockedFile.Multi.Generic ( 1 ) 15:28:06.0276 0x0cc4 Detect skipped due to KSN trusted 15:28:06.0276 0x0cc4 LSI_SAS - ok 15:28:06.0303 0x0cc4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:28:06.0303 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 15:28:06.0303 0x0cc4 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 ) 15:28:08.0726 0x0cc4 Detect skipped due to KSN trusted 15:28:08.0726 0x0cc4 LSI_SAS2 - ok 15:28:08.0752 0x0cc4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:28:08.0753 0x0cc4 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D 15:28:08.0753 0x0cc4 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 ) 15:28:11.0180 0x0cc4 Detect skipped due to KSN trusted 15:28:11.0180 0x0cc4 LSI_SCSI - ok 15:28:11.0191 0x0cc4 Scan was interrupted by user! 
15:28:11.0227 0x0cc4 Win FW state via NFP2: enabled
15:28:13.0574 0x0cc4 ============================================================
15:28:13.0574 0x0cc4 Scan finished
15:28:13.0574 0x0cc4 ============================================================
15:28:13.0581 0x0c9c Detected object count: 1
15:28:13.0581 0x0c9c Actual detected object count: 1
15:28:18.0597 0x0c9c C:\Windows\System32\Drivers\1cbccdb6771da47b.sys - copied to quarantine
15:28:18.0597 0x0c9c HKLM\SYSTEM\ControlSet001\services\1cbccdb6771da47b - will be deleted on reboot
15:28:18.0610 0x0c9c HKLM\SYSTEM\ControlSet002\services\1cbccdb6771da47b - will be deleted on reboot
15:28:18.0769 0x0c9c C:\Windows\System32\Drivers\1cbccdb6771da47b.sys - will be deleted on reboot
15:28:18.0770 0x0c9c 1cbccdb6771da47b ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:28:19.0639 0x0c9c KLMD registered as C:\Windows\system32\drivers\72731850.sys
15:28:27.0604 0x0b40 Deinitialize success
Edited by Samos (25.04.2014 at 15:26) Reason: logs added |
25.04.2014, 15:28 | #6 |
| Windows 7 GData Antivirus Client and Taskmgr as well as some *.exe no longer start. Log 2, shortened. Code:
ATTFilter
15:43:27.0002 0x083c TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
15:43:27.0377 0x083c ============================================================
15:43:27.0377 0x083c Current date / time: 2014/04/25 15:43:27.0377
15:43:27.0377 0x083c SystemInfo:
15:43:27.0377 0x083c
15:43:27.0377 0x083c OS Version: 6.1.7601 ServicePack: 1.0
15:43:27.0377 0x083c Product type: Workstation
15:43:27.0377 0x083c ComputerName:
15:43:27.0392 0x083c UserName:
15:43:27.0392 0x083c Windows directory: C:\Windows
15:43:27.0392 0x083c System windows directory: C:\Windows
15:43:27.0392 0x083c Running under WOW64
15:43:27.0392 0x083c Processor architecture: Intel x64
15:43:27.0392 0x083c Number of processors: 8
15:43:27.0392 0x083c Page size: 0x1000
15:43:27.0392 0x083c Boot type: Normal boot
15:43:27.0392 0x083c ============================================================
15:43:27.0392 0x083c BG loaded
15:43:27.0455 0x083c System UUID: {47825797-1968-70A5-E70A-EB250F488D52}
15:43:32.0431 0x083c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:32.0431 0x083c ============================================================
15:43:32.0431 0x083c \Device\Harddisk0\DR0:
15:43:32.0431 0x083c MBR partitions:
15:43:32.0431 0x083c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000
15:43:32.0431 0x083c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x23B9A000
15:43:32.0431 0x083c ============================================================
15:43:32.0509 0x083c C: <-> \Device\Harddisk0\DR0\Partition2
15:43:32.0509 0x083c ============================================================
15:43:32.0509 0x083c Initialize success
15:43:32.0509 0x083c ============================================================
15:44:45.0567 0x1278 ============================================================
15:44:45.0567 0x1278 Scan started
15:44:45.0567 0x1278 Mode: Manual; SigCheck; TDLFS;
15:44:45.0567 0x1278 ============================================================
15:44:45.0567 0x1278 KSN ping started
15:44:48.0002 0x1278 KSN ping finished: true
15:44:49.0766 0x1278 ================ Scan system memory ========================
15:44:49.0766 0x1278 System memory - ok
15:44:49.0766 0x1278 ================ Scan services =============================
15:44:50.0015 0x1278 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:44:50.0109 0x1278 1394ohci - ok
15:44:50.0125 0x1278 Suspicious service (NoAccess): 9ad6de89f537b53e
15:44:50.0140 0x1278 [ 3ACF9155739626FE2D65BFE1ED37B391, 8F9CD1C200B084F96281B341DA13BE7FEE0E677C4E5F2D0054867F83BC6D46C9 ] 9ad6de89f537b53e C:\Windows\System32\Drivers\9ad6de89f537b53e.sys
15:44:50.0140 0x1278 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\9ad6de89f537b53e.sys. md5: 3ACF9155739626FE2D65BFE1ED37B391, sha256: 8F9CD1C200B084F96281B341DA13BE7FEE0E677C4E5F2D0054867F83BC6D46C9
15:44:50.0156 0x1278 9ad6de89f537b53e - detected Rootkit.Win32.Necurs.gen ( 0 )
15:44:52.0684 0x1278 9ad6de89f537b53e ( Rootkit.Win32.Necurs.gen ) - infected
15:44:52.0684 0x1278 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\9ad6de89f537b53e.sys
15:45:02.0018 0x1278 Object send P2P result: true
15:45:04.0563 0x1278 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:45:04.0563 0x1278 ACPI - ok
15:45:04.0625 0x1278 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:45:04.0890 0x1278 AcpiPmi - ok
15:45:05.0203 0x1278 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:45:05.0203 0x1278 AdobeARMservice - ok
15:45:05.0796 0x1278 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:45:05.0842 0x1278 AdobeFlashPlayerUpdateSvc - ok
15:45:05.0999 0x1278 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:45:06.0030 0x1278 adp94xx - ok
15:45:06.0108 0x1278 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:45:06.0139 0x1278 adpahci - ok
15:45:06.0201 0x1278 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:45:06.0233 0x1278 adpu320 - ok
15:45:06.0280 0x1278 [
4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:45:07.0794 0x1278 AeLookupSvc - ok 15:45:07.0887 0x1278 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys 15:45:07.0996 0x1278 AFD - ok 15:45:08.0043 0x1278 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 15:45:08.0043 0x1278 agp440 - ok 15:45:08.0106 0x1278 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 15:45:08.0246 0x1278 ALG - ok 15:45:09.0027 0x1278 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 15:45:09.0042 0x1278 aliide - ok 15:45:09.0136 0x1278 [ B9C8770F3061582DA3F9AB39071DEE37, 058C948F10B54EBDB95025A9EAC55F45CF3616BA834A1733B80A269E4ADF391B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:45:09.0745 0x1278 AMD External Events Utility - ok 15:45:09.0791 0x1278 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 15:45:09.0807 0x1278 amdide - ok 15:45:09.0823 0x1278 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:45:09.0838 0x1278 AmdK8 - ok 15:45:10.0150 0x1278 [ 31D7999C389C7F1EFFD4B861B64ECAA9, 50D9EE9F3D85D65ED50A87C70284FA130348464C314960EFED4232787016C7C8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:45:10.0369 0x1278 amdkmdag - ok 15:45:10.0400 0x1278 [ 48E49CB63CB14E1A6EE80A14381213B0, 7A150F1D8B8C9FD5BFAB76C8999AD08F0771DE9D824D64F829B04E09CE29EB33 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 
15:45:10.0416 0x1278 amdkmdap - ok 15:45:10.0431 0x1278 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:45:10.0463 0x1278 AmdPPM - ok 15:45:10.0494 0x1278 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:45:10.0509 0x1278 amdsata - ok 15:45:10.0525 0x1278 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:45:10.0525 0x1278 amdsbs - ok 15:45:10.0541 0x1278 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:45:10.0541 0x1278 amdxata - ok 15:45:10.0556 0x1278 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 15:45:11.0134 0x1278 AppID - ok 15:45:11.0166 0x1278 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:45:11.0213 0x1278 AppIDSvc - ok 15:45:11.0291 0x1278 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 15:45:11.0322 0x1278 Appinfo - ok 15:45:11.0385 0x1278 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 15:45:11.0390 0x1278 AppMgmt - ok 15:45:11.0417 0x1278 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 15:45:11.0425 0x1278 arc - ok 15:45:11.0446 0x1278 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas 
C:\Windows\system32\drivers\arcsas.sys 15:45:11.0453 0x1278 arcsas - ok 15:45:11.0757 0x1278 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:45:11.0835 0x1278 aspnet_state - ok 15:45:11.0881 0x1278 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:45:12.0069 0x1278 AsyncMac - ok 15:45:12.0209 0x1278 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 15:45:12.0225 0x1278 atapi - ok 15:45:12.0381 0x1278 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:45:12.0428 0x1278 AudioEndpointBuilder - ok 15:45:12.0459 0x1278 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:45:12.0490 0x1278 AudioSrv - ok 15:45:12.0646 0x1278 AVKWCtl - ok 15:45:12.0724 0x1278 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:45:12.0912 0x1278 AxInstSV - ok 15:45:12.0958 0x1278 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 15:45:13.0021 0x1278 b06bdrv - ok 15:45:13.0099 0x1278 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:45:13.0146 0x1278 b57nd60a - ok 15:45:13.0193 0x1278 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 15:45:13.0224 0x1278 BDESVC - ok 
15:45:13.0255 0x1278 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 15:45:13.0286 0x1278 Beep - ok 15:45:13.0364 0x1278 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 15:45:13.0411 0x1278 BFE - ok 15:45:13.0552 0x1278 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 15:45:13.0598 0x1278 BITS - ok 15:45:13.0630 0x1278 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:45:13.0645 0x1278 blbdrive - ok 15:45:13.0692 0x1278 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:45:13.0723 0x1278 bowser - ok 15:45:13.0739 0x1278 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:45:13.0754 0x1278 BrFiltLo - ok 15:45:13.0770 0x1278 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:45:13.0770 0x1278 BrFiltUp - ok 15:45:13.0817 0x1278 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 15:45:13.0832 0x1278 Browser - ok 15:45:13.0848 0x1278 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:45:13.0879 0x1278 Brserid - ok 15:45:13.0879 0x1278 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:45:13.0911 
0x1278 BrSerWdm - ok 15:45:13.0911 0x1278 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:45:13.0942 0x1278 BrUsbMdm - ok 15:45:13.0942 0x1278 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:45:13.0957 0x1278 BrUsbSer - ok 15:45:13.0957 0x1278 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:45:13.0973 0x1278 BTHMODEM - ok 15:45:14.0020 0x1278 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 15:45:14.0035 0x1278 bthserv - ok 15:45:14.0051 0x1278 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:45:14.0082 0x1278 cdfs - ok 15:45:14.0113 0x1278 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:45:14.0129 0x1278 cdrom - ok 15:45:14.0160 0x1278 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 15:45:14.0176 0x1278 CertPropSvc - ok 15:45:14.0191 0x1278 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 15:45:14.0207 0x1278 circlass - ok 15:45:14.0223 0x1278 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 15:45:14.0238 0x1278 CLFS - ok ============================== 15:46:03.0649 0x1278 Scan finished 15:46:03.0649 0x1278 ============================================================ 
15:46:03.0649 0x1270 Detected object count: 2 15:46:03.0649 0x1270 Actual detected object count: 2 15:46:45.0077 0x1270 C:\Windows\System32\Drivers\9ad6de89f537b53e.sys - copied to quarantine 15:46:45.0092 0x1270 HKLM\SYSTEM\ControlSet001\services\9ad6de89f537b53e - will be deleted on reboot 15:46:45.0108 0x1270 HKLM\SYSTEM\ControlSet002\services\9ad6de89f537b53e - will be deleted on reboot 15:46:45.0280 0x1270 C:\Windows\System32\Drivers\9ad6de89f537b53e.sys - will be deleted on reboot 15:46:45.0280 0x1270 9ad6de89f537b53e ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 15:46:45.0311 0x1270 C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe - copied to quarantine 15:46:45.0311 0x1270 HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot 15:46:45.0326 0x1270 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot 15:46:45.0326 0x1270 C:\Windows\Installer\{2A05AD0F-BA3A-B16D-A14C-1E0D810830C6}\syshost.exe - will be deleted on reboot 15:46:45.0326 0x1270 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 15:46:45.0389 0x1270 KLMD registered as C:\Windows\system32\drivers\89153646.sys 15:47:04.0010 0x0ba8 Deinitialize success |
25.04.2014, 18:36 | #7 |
| I haven't actually told you to delete it yet, but OK. Now, though, try to follow the instructions. ADWCleaner is, as the name says, only for adware. For rootkits you need something else. Step 1 Scan with ComboFix
|
26.04.2014, 16:37 | #8 |
| Hello mort, here is the log as requested. Why was antispy deleted? Could it be that the Recycle Bin was emptied without asking? Code:
ATTFilter ComboFix 14-04-26.01 - ver***2 26.04.2014 17:22:09.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8149.6766 [GMT 2:00] ausgeführt von:: c:\users\ver***2.HV-****\Desktop\ComboFix.exe AV: G Data AntiVirus *Enabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0} SP: G Data AntiVirus *Enabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\xp-AntiSpy c:\program files (x86)\xp-AntiSpy\Uninstall.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-26 bis 2014-04-26 )))))))))))))))))))))))))))))) . . 2014-04-26 15:27 . 2014-04-26 15:27 -------- d-----w- c:\users\ver***2\AppData\Local\temp 2014-04-26 15:27 . 2014-04-26 15:27 -------- d-----w- c:\users\VERWAL~1~HV-\AppData\Local\temp 2014-04-26 14:52 . 2014-04-26 14:52 -------- d-sh--w- c:\users\ver***2.HV-****\AppData\Local\EmieUserList 2014-04-26 14:52 . 2014-04-26 14:52 -------- d-sh--w- c:\users\ver***2.HV-****\AppData\Local\EmieSiteList 2014-04-26 14:28 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-04-26 14:28 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-04-25 15:20 . 2014-04-25 15:20 -------- d-s---w- c:\windows\system32\CompatTel 2014-04-25 14:54 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll 2014-04-25 14:54 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-25 14:54 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2014-04-25 14:48 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-04-25 14:48 . 
2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-04-25 14:48 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll 2014-04-25 14:48 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-04-25 14:45 . 2014-04-25 14:45 106272 ----a-w- c:\windows\system32\drivers\GRD.sys 2014-04-25 14:45 . 2014-04-25 14:45 18160 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2014-04-25 14:44 . 2014-04-25 14:44 64000 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2014-04-25 14:44 . 2014-04-25 14:44 59392 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2014-04-25 14:44 . 2014-04-25 14:44 130560 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2014-04-25 14:03 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys 2014-04-24 17:38 . 2014-04-25 14:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-04-24 17:38 . 2014-04-25 14:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-04-24 17:37 . 2014-04-24 17:37 -------- d-----w- c:\users\ver***2.HV-****\AppData\Local\Programs 2014-04-24 17:02 . 2014-04-24 17:02 -------- d-----w- C:\Logs 2014-04-24 16:59 . 2014-04-24 16:59 -------- d-----w- c:\users\Administrator\AppData\Local\Deployment 2014-04-24 16:59 . 2014-04-24 16:59 -------- d-----w- c:\users\Administrator\AppData\Local\Apps 2014-04-24 16:57 . 2014-04-24 16:57 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations 2014-04-24 16:56 . 2014-04-24 16:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Intel Corporation 2014-04-24 16:56 . 2014-04-24 16:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\ATI 2014-04-24 16:56 . 2014-04-24 16:56 -------- d-----w- c:\users\Administrator\AppData\Local\G DATA 2014-04-24 16:56 . 2014-04-24 16:56 -------- d-----w- c:\users\Administrator\AppData\Local\ATI 2014-04-24 16:56 . 2014-04-24 16:56 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe 2014-04-15 07:05 . 
2014-04-15 07:05 -------- d-----w- c:\windows\SysWow64\140415-090542 2014-04-14 07:33 . 2014-04-14 07:33 -------- d-----w- c:\windows\SysWow64\140414-093340 2014-04-11 07:07 . 2014-04-11 07:07 -------- d-----w- c:\windows\SysWow64\140411-090722 2014-04-10 07:44 . 2014-04-10 07:44 -------- d-----w- c:\windows\SysWow64\140410-094436 2014-04-09 15:19 . 2014-04-09 15:19 -------- d-----w- c:\windows\SysWow64\140409-171911 2014-04-09 07:14 . 2014-04-09 07:14 -------- d-----w- c:\windows\SysWow64\140409-091416 2014-04-08 06:42 . 2014-04-08 06:42 -------- d-----w- c:\windows\SysWow64\140408-084247 2014-04-07 06:46 . 2014-04-07 06:46 -------- d-----w- c:\windows\SysWow64\140407-084620 2014-04-04 09:17 . 2014-04-04 09:17 -------- d-----w- c:\windows\SysWow64\140404-111746 2014-04-03 13:21 . 2014-04-03 13:21 -------- d-----w- c:\windows\SysWow64\140403-152125 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-25 14:44 . 2011-12-05 17:28 65024 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2014-03-31 01:51 . 2011-12-05 17:04 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-18 10:56 . 2014-03-18 10:56 45056 ----a-r- c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut2_7024F073510147169F4B28E8B73F2DCF.exe 2014-03-18 10:56 . 2014-03-18 10:56 45056 ----a-r- c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\NewShortcut1_9B3D64ED28EC4E27B62740E65B802B3A.exe 2014-03-18 10:56 . 2014-03-18 10:56 45056 ----a-r- c:\users\ver***2.HV-****\AppData\Roaming\Microsoft\Installer\{BE109F11-6E2C-43F4-B105-AC646809915D}\ARPPRODUCTICON.exe 2014-03-12 11:38 . 2012-07-16 14:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-12 11:38 . 2011-11-28 08:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-04 09:17 . 
2014-04-25 14:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-02-07 01:23 . 2014-03-13 08:22 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-13 08:22 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-13 08:22 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-13 08:22 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-13 08:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-13 08:22 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-13 08:22 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-13 08:22 228864 ----a-w- c:\windows\system32\wwansvc.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSystemDetect"="c:\users\ver***2.HV-****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe" [2014-04-24 254976] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-23 113656] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-18 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568] "SharpTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\SharpTray.exe" [2011-04-20 131584] "FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2011-04-19 820224] "IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2011-04-20 395264] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "AVK Client"="c:\program files (x86)\G Data\AVKClient\AVKCl.exe" [2014-01-15 4191352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentProgForNewUserInStartMenu"= 0 (0x0) "NoAutoUpdate"= 1 (0x1) "ForceStartMenuLogOff"= 1 (0x1) "TaskbarLockAll"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 
R2 AntiVirusKit Client;G Data Security Client;c:\program files (x86)\G Data\AVKClient\AVKCl.exe;c:\program files (x86)\G Data\AVKClient\AVKCl.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [x] R4 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe [x] R4 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe [x] S0 
GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x] S3 nusb3hub;Renesas Electronics USB 
3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2011-05-27 17:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2011-05-27 17:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 Trusted Zone: dell.com TCP: Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: NameServer = 192.168.1.6 FF - ProfilePath - c:\users\ver***2.HV-****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-09140934.sys SafeBoot-14600248.sys SafeBoot-38582133.sys SafeBoot-67496163.sys SafeBoot-68721988.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe c:\program files (x86)\Sharp\Sharpdesk\nsapp.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-04-26 17:33:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-04-26 15:33 . 
Vor Suchlauf: 14 Verzeichnis(se), 211.473.080.320 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 210.722.922.496 Bytes frei . - - End Of File - - D882E3618B821AEDBD19A91800176F17 Edited by Samos (26.04.2014 at 16:44) Reason: question added |
26.04.2014, 18:25 | #9 |
| You can reinstall xp-antispy at the end. We are only doing a few more control scans now. Step 1 Please download wuauserv.reg from Bleeping Computer and save it to the desktop. Start this file with a double-click and confirm the following window with Yes. Now press the Windows key + R and type cmd into the Run window. Then type the following line into the window and press Enter. Quote:
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
Is there still a problem? |
26.04.2014, 21:27 | #10 |
| Hi dorm, everything seems to be OK. Windows Update works again too! Thanks again!!! Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.04.2014 Suchlauf-Zeit: 19:51:27 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.26.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 335530 Verstrichene Zeit: 17 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=448773c85305044e8a0a637819aa19bb
# engine=18042
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-26 08:14:04
# local_time=2014-04-26 10:14:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 24562719 150173094 0 0
# scanned=167956
# found=0
# cleaned=0
# scan_time=3377

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03
Ran by (administrator) on on 26-04-2014 22:21:09
Running from C:\Users
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKBackupService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Dell) C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [820224 2011-04-19] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2011-04-20] (SHARP CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVK Client] => C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe [4191352 2014-01-15] (G Data Software AG)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Run: [DellSystemDetect] => C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0\JRBEM29J.2GX\NEB10E2P.XQ0\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-24] (Dell)
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0A199814-C811-40F1-B5C7-860B46557B13} URL =
SearchScopes: HKCU - {0DA4F4DF-494D-497B-87AE-7F23183363AB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - No File
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Tcpip\..\Interfaces\{B1E823EF-B08D-4E46-963C-D1994057A2A7}: [NameServer]192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-26]
FF Extension: FRITZ!Box AddOn - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: WOT - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28]

==================== Services (Whitelisted) =================

R2 AntiVirusKit Client; C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe [4191352 2014-01-15] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1990264 2014-01-15] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe [2572520 2014-01-15] (G Data Software AG)
R2 GDBackupSvc; C:\Program Files (x86)\G Data\AVKClient\AVKBackupService.exe [1947768 2014-01-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [709240 2014-01-15] (G Data Software AG)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [59392 2014-04-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130560 2014-04-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-04-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-25] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-04-25] (G Data Software AG)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 22:21 - 2014-04-26 22:21 - 00014154 _____ () C:\Users\*****2.HV-*****\Desktop\FRST.txt
2014-04-26 22:21 - 2014-04-26 22:21 - 00000000 ____D () C:\FRST
2014-04-26 22:20 - 2014-04-26 22:20 - 02061824 _____ (Farbar) C:\Users\*****2.HV-*****\Desktop\FRST64.exe
2014-04-26 21:15 - 2014-04-26 21:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-26 21:14 - 2014-04-26 21:15 - 02347384 _____ (ESET) C:\Users\*****2.HV-*****\Desktop\esetsmartinstaller_deu.exe
2014-04-26 21:12 - 2014-04-26 21:14 - 00001144 _____ () C:\Users\*****2.HV-*****\Desktop\mbam.txt
2014-04-26 19:33 - 2014-04-26 21:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 19:33 - 2014-04-26 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 19:32 - 2014-04-26 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****2.HV-*****\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 19:29 - 2014-04-26 19:29 - 00006176 _____ () C:\Users\*****2.HV-*****\Desktop\wuauserv.reg
2014-04-26 17:33 - 2014-04-26 17:33 - 00022711 _____ () C:\ComboFix.txt
2014-04-26 17:20 - 2014-04-26 17:33 - 00000000 ____D () C:\Qoobox
2014-04-26 17:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-26 17:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-26 17:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-26 17:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-26 17:19 - 2014-04-26 17:32 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieUserList
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieSiteList
2014-04-26 16:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-26 16:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-25 17:20 - 2014-04-25 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 17:16 - 2014-04-25 17:16 - 00000977 _____ () C:\DelFix.txt
2014-04-25 16:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-25 16:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-25 16:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-25 16:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-25 16:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-25 16:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-25 16:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-25 16:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-25 16:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-25 16:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-25 16:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-25 16:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-25 16:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-25 16:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-25 16:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-25 16:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-25 16:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-25 16:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-25 16:53 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-25 16:53 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-25 16:53 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-25 16:53 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-25 16:53 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-25 16:53 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-25 16:53 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-25 16:53 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-25 16:53 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-25 16:53 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-25 16:53 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 16:53 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-25 16:53 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-25 16:53 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-25 16:53 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-25 16:53 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-25 16:53 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-25 16:53 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-25 16:53 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-25 16:53 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-25 16:53 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-25 16:53 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-25 16:53 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-25 16:53 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-25 16:53 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-25 16:53 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-25 16:53 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-25 16:53 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-25 16:53 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-25 16:53 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-25 16:53 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-25 16:53 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-25 16:53 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-25 16:53 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-25 16:53 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-25 16:53 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-25 16:53 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-25 16:53 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-25 16:53 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-25 16:53 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-25 16:53 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-25 16:53 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-25 16:53 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-25 16:53 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-25 16:53 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-25 16:53 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-25 16:48 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-25 16:48 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-25 16:48 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-25 16:48 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-25 16:45 - 2014-04-25 16:45 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-04-25 16:45 - 2014-04-25 16:45 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00130560 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00059392 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-04-25 16:30 - 2014-04-25 16:30 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 16:11 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-25 16:11 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-25 16:11 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-25 16:11 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-25 16:11 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-25 16:11 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-25 16:11 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-25 16:11 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-25 16:11 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-25 16:11 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-25 16:11 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-25 16:11 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-25 16:11 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-25 16:03 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\*****2.HV-*****\defogger_reenable
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24 19:38 - 2014-04-25 16:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-24 19:38 - 2014-04-25 16:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 19:11 - 2014-04-25 16:41 - 00002182 ____H () C:\Users\*****2.HV-*****\Documents\Default.rdp
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-24 18:55 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542
2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340
2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436
2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911
2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416
2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620
2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746
2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125
2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-26 22:21 - 2014-04-26 22:21 - 00014154 _____ () C:\Users\*****2.HV-*****\Desktop\FRST.txt
2014-04-26 22:21 - 2014-04-26 22:21 - 00000000 ____D () C:\FRST
2014-04-26 22:20 - 2014-04-26 22:20 - 02061824 _____ (Farbar) C:\Users\*****2.HV-*****\Desktop\FRST64.exe
2014-04-26 21:38 - 2012-07-16 16:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 21:16 - 2011-12-05 19:36 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-04-26 21:15 - 2014-04-26 21:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-26 21:15 - 2014-04-26 21:14 - 02347384 _____ (ESET) C:\Users\*****2.HV-*****\Desktop\esetsmartinstaller_deu.exe
2014-04-26 21:14 - 2014-04-26 21:12 - 00001144 _____ () C:\Users\*****2.HV-*****\Desktop\mbam.txt
2014-04-26 21:13 - 2014-04-26 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 19:38 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 19:38 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 19:37 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-04-26 19:37 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-04-26 19:37 - 2009-07-14 07:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 19:33 - 2014-04-26 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 19:32 - 2014-04-26 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****2.HV-*****\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 19:32 - 2011-11-28 10:30 - 01597375 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 19:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 19:30 - 2009-07-14 06:51 - 00073248 _____ () C:\Windows\setupact.log
2014-04-26 19:29 - 2014-04-26 19:29 - 00006176 _____ () C:\Users\*****2.HV-*****\Desktop\wuauserv.reg
2014-04-26 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-26 17:38 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Apps\2.0
2014-04-26 17:33 - 2014-04-26 17:33 - 00022711 _____ () C:\ComboFix.txt
2014-04-26 17:33 - 2014-04-26 17:20 - 00000000 ____D () C:\Qoobox
2014-04-26 17:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-26 17:32 - 2014-04-26 17:19 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 17:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-26 17:28 - 2010-11-21 05:47 - 00299818 _____ () C:\Windows\PFRO.log
2014-04-26 17:27 - 2009-07-14 04:34 - 80740352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 14680064 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-26 17:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieUserList
2014-04-26 16:52 - 2014-04-26 16:52 - 00000000 __SHD () C:\Users\*****2.HV-*****\AppData\Local\EmieSiteList
2014-04-26 16:38 - 2011-12-05 19:38 - 00000000 ____D () C:\Users\*****2.HV-*****
2014-04-26 16:38 - 2011-12-05 18:38 - 00004666 __RSH () C:\Users\*****2.HV-*****\ntuser.pol
2014-04-25 17:20 - 2014-04-25 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-25 17:16 - 2014-04-25 17:16 - 00000977 _____ () C:\DelFix.txt
2014-04-25 17:04 - 2011-12-05 18:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-25 16:51 - 2011-02-11 19:45 - 01602780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-25 16:47 - 2011-12-05 19:28 - 00000000 ____D () C:\ProgramData\G Data
2014-04-25 16:45 - 2014-04-25 16:45 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-04-25 16:45 - 2014-04-25 16:45 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00130560 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-04-25 16:44 - 2014-04-25 16:44 - 00059392 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-04-25 16:44 - 2011-12-05 19:33 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\G DATA
2014-04-25 16:44 - 2011-12-05 19:28 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-04-25 16:43 - 2011-12-05 19:28 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-04-25 16:42 - 2014-03-18 12:56 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Downloaded Installations
2014-04-25 16:41 - 2014-04-24 19:11 -  00002182 ____H () C:\Users\*****2.HV-*****\Documents\Default.rdp
2014-04-25 16:35 - 2014-04-24 19:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 16:30 - 2014-04-25 16:30 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 16:30 - 2014-04-24 19:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 15:44 - 2011-12-05 18:38 - 00000000 ___RD () C:\Users\*****2.HV-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Users\*****2.HV-*****\defogger_reenable
2014-04-24 19:41 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\*****2.HV-*****\Documents\ProcAlyzer Dumps
2014-04-24
19:19 - 2012-04-22 18:46 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment 2014-04-24 18:59 - 2014-04-24 18:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0 2014-04-24 18:57 - 2014-04-24 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations 2014-04-24 18:56 - 2014-04-24 18:56 - 00109688 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 18:56 - 2014-04-24 18:56 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\G DATA 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-04-24 18:56 - 2014-04-24 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-04-24 18:56 - 2014-04-24 18:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-04-24 18:56 - 2011-12-05 18:39 - 00000000 ____D () C:\Users\Administrator 2014-04-24 18:56 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows Media Player.lnk 2014-04-24 18:53 - 2014-02-22 21:57 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Local\Deployment 2014-04-24 18:51 - 2011-11-28 10:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-04-24 18:50 - 2014-02-22 21:59 - 00000000 ____D () C:\ProgramData\dell 2014-04-23 15:29 - 2012-01-02 11:25 - 00000000 ____D () C:\Users\*****2.HV-*****\AppData\Roaming\.oit 2014-04-15 09:05 - 2014-04-15 09:05 - 00000000 ____D () C:\Windows\SysWOW64\140415-090542 2014-04-14 09:33 - 2014-04-14 09:33 - 00000000 ____D () C:\Windows\SysWOW64\140414-093340 2014-04-14 04:24 - 2014-04-25 16:48 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-04-25 16:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-11 09:07 - 2014-04-11 09:07 - 00000000 ____D () C:\Windows\SysWOW64\140411-090722 2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\Windows\SysWOW64\140410-094436 2014-04-09 17:19 - 2014-04-09 17:19 - 00000000 ____D () C:\Windows\SysWOW64\140409-171911 2014-04-09 09:14 - 2014-04-09 09:14 - 00000000 ____D () C:\Windows\SysWOW64\140409-091416 2014-04-08 08:42 - 2014-04-08 08:42 - 00000000 ____D () C:\Windows\SysWOW64\140408-084247 2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\SysWOW64\140407-084620 2014-04-04 11:17 - 2014-04-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\140404-111746 2014-04-03 15:21 - 2014-04-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\140403-152125 2014-04-02 09:33 - 2012-07-09 10:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-01 13:04 - 2014-02-22 21:55 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-03-31 11:07 - 2014-03-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-31 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-31 03:51 - 2011-12-05 19:04 - 90655440 _____ 
(Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-04-26 18:15 ==================== End Of Log ============================ |
27.04.2014, 19:00 | #11 |
Those are just the last remnants.

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1829681468-3325977407-3042191813-1143\...\Policies\Explorer: [TaskbarLockAll] 0
FF SearchPlugin: C:\Users\*****2.HV-*****\AppData\Roaming\Mozilla\Firefox\Profiles\i3nuvds8.default\searchplugins\preissuchmaschine.xml
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Updates
Now click the Windows button in the taskbar and then "Control Panel". Once there, go to "Uninstall a program" under "Programs". Uninstall all old Java versions here. If you need Java, you can download it again:

If you are satisfied, you are welcome to thank me here. I no longer see anything dangerous in your logs.

Cleanup
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.

The order here is essential.

Tips
Which antivirus program should I use?
There is no antivirus program that finds every piece of malware, and you cannot rely on the program 100%. It still depends on your behaviour. With the right behaviour you protect yourself best against getting infected in the first place.

Only ever use one antivirus program, because several will block each other and thus do more harm than good. If you have more than one installed, pick one of them and uninstall the others. Also keep your antivirus program up to date at all times, because with an outdated database the program cannot find new infections.

In addition to your antivirus program you can also regularly run an on-demand scanner to get a second opinion. Unlike a normal antivirus program, an on-demand scanner does not run all the time but only when you tell it to scan the system.

What should I keep in mind before downloading?

Other tips

If you want to support the Trojaner-Board, you are welcome to donate. I wish you a pleasant time.
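A read-only check for the two kinds of leftovers the Fixlist in post #11 targets (the user-level Explorer policy values and the boot "testsigning" setting), written as an added example for this thread; it is not part of the thread, of FRST, or of the helper's instructions, and it changes nothing on the machine. It assumes that FRST's `HKU\<SID>\...\Policies\Explorer` abbreviation stands for the `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` subkey (the script reads the current user's hive via `HKCU:` instead of the SID from the log) and that the `testsigning` line FRST prints refers to the Boot Configuration Data setting of the same name, which `bcdedit` reports. It avoids PowerShell 3 syntax so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread, FRST, or the helper's instructions.
# Reports the Explorer policy values named in the Fixlist and the boot
# "testsigning" flag. Read-only: it only reports.
#
# Assumption: FRST's "HKU\<SID>\...\Policies\Explorer" stands for the
# Software\Microsoft\Windows\CurrentVersion\Policies\Explorer subkey; the
# current user's hive (HKCU) is read instead of the SID from the log.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Value names taken from the Fixlist. A non-zero value means the named
# restriction is in force. Compare anything found here with what your own
# group policy is supposed to set; a value nobody configured deserves a look.
$WatchedNames = @(
    'NoInternetOpenWith',
    'ClearRecentProgForNewUserInStartMenu',
    'NoStartMenuMFUprogramsList',
    'NoAutoUpdate',
    'ForceStartMenuLogOff',
    'TaskbarLockAll'
)

function Get-ExplorerPolicyFindings {
    param(
        [string]   $Key   = $PolicyKey,
        [string[]] $Names = $WatchedNames
    )
    if (-not (Test-Path -Path $Key)) { return }     # key absent: nothing to report
    $item = Get-ItemProperty -Path $Key
    foreach ($name in $Names) {
        $prop = $item.PSObject.Properties[$name]
        if ($null -eq $prop) { continue }           # value not present
        New-Object PSObject -Property @{
            Name   = $name
            Value  = $prop.Value
            Active = ($prop.Value -ne 0)            # 0 = present but switched off
        }
    }
}

function Test-TestSigningEnabled {
    # bcdedit needs an elevated prompt. Its Yes/No text is localized
    # (a German Windows prints Ja/Nein), so both spellings are accepted.
    $out = & bcdedit /enum '{current}' 2>$null
    if (-not $out) { return $null }                 # not elevated, or bcdedit missing
    $line = $out | Select-String -Pattern '^\s*testsigning\s+(\S+)' | Select-Object -First 1
    if (-not $line) { return $false }               # setting absent = default (off)
    $value = $line.Matches[0].Groups[1].Value
    return (@('Yes', 'Ja') -contains $value)
}

$findings = @(Get-ExplorerPolicyFindings)
if ($findings.Count -eq 0) {
    Write-Host "No watched policy values under $PolicyKey"
} else {
    $findings | Select-Object Name, Value, Active | Format-Table -AutoSize
}

$ts = Test-TestSigningEnabled
if ($null -eq $ts) {
    Write-Host 'Could not read the BCD; run this from an elevated PowerShell.'
} elseif ($ts) {
    # Test signing lets unsigned kernel drivers load, which is why FRST flags it.
    # The Fixlist above resets it; this just confirms whether it is still on.
    Write-Warning 'testsigning is ON: unsigned kernel drivers can load on this machine.'
} else {
    Write-Host 'testsigning is off (only signed drivers load).'
}
```

Run it from an elevated PowerShell before and after applying the Fixlist: the first run should list the values FRST found and warn about test signing, the second should report no watched values and test signing off. On a domain-joined machine (this one has an `ntuser.pol`), some Explorer policies may legitimately come from group policy, so an entry is only suspicious when nobody configured it.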