| |
| |||||||
Log-Analyse und Auswertung: TR/Rootkit.Gen2 - Virenscanner wird deaktiviert - Metasploit 7 wird im Startmenue aktiviert - 5mk1owasew99.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.05.2015, 18:58
| #1 |
 |  TR/Rootkit.Gen2 - Virenscanner wird deaktiviert - Metasploit 7 wird im Startmenue aktiviert - 5mk1owasew99.exe Moin Moin und Gruesse aus Buenos Aires. Bin hier auf ein Problem gestossen und kann es leider nicht alleine loesen. Trotz ADWCleaner und Malwarebytes und altem/sowie neuem Virenscanner taucht der Virus/Trojaner immer wieder im System auf, obwohl ich mehrfach versucht habe ihn zu loeschen. Das System ist in den letzten Tagen unglaublich langsam geworden und Metaploit Rapid 7 wird im Startmenue immer wieder re-aktiviert. Nachdem Avira zwar 3 Trojaner erkannt hat (Habe nur noch 3 Screenshots), jedoch nicht loeschen konnte, habe ich AVG2015 heruntergeladen, der Scan wird jedoch mehrfach abgebrochen. Hilfe!! Weitere Dateien die immer wieder auftauchen sind: Help_Decrypt 5mk1owasew99.exe und 548bdadaaecaa26.sys Anscheinend habe wir uns das Ding auf DropBox eingefangen.. Wie kann man das auch loeschen??? Der Rechner laeuft bisher auf Spanisch, da ich das noch nicht veraendern wollte...Wenn ich das aendern soll, dann bitte sagen. Danke (Ich hoffe ich hab alles richtig gemacht...) Code:
ATTFilter efogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:59 on 13/05/2015 (shaka)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read 548bdadaaeecaa26.sys
Unable to read bthmodem.sys
Unable to read bxvbdx.sys
Unable to read cdfs.sys
Unable to read cdrom.sys
Unable to read circlass.sys
Unable to read Classpnp.sys
Unable to read CmBatt.sys
Unable to read cmdide.sys
Unable to read cng.sys
Unable to read compbatt.sys
Unable to read CompositeBus.sys
Unable to read crashdmp.sys
Unable to read crcdisk.sys
Unable to read csc.sys
Unable to read dfsc.sys
Unable to read discache.sys
Unable to read disk.sys
Unable to read Diskdump.sys
Unable to read djsvs.sys
Unable to read drmk.sys
Unable to read drmkaud.sys
Unable to read Dumpata.sys
Unable to read dumpfve.sys
Unable to read dxapi.sys
Unable to read dxg.sys
Unable to read dxgkrnl.sys
Unable to read dxgmms1.sys
Unable to read elxstor.sys
Unable to read errdev.sys
Unable to read evbdx.sys
Unable to read exfat.sys
Unable to read fastfat.sys
Unable to read fdc.sys
Unable to read fileinfo.sys
Unable to read filetrace.sys
Unable to read flpydisk.sys
Unable to read fltMgr.sys
Unable to read fsdepends.sys
Unable to read fs_rec.sys
Unable to read fvevol.sys
Unable to read FWPKCLNT.SYS
Unable to read GAGP30KX.SYS
Unable to read hcw85cir.sys
Unable to read hdaudbus.sys
Unable to read HdAudio.sys
Unable to read HECI.sys
Unable to read hidbatt.sys
Unable to read hidbth.sys
Unable to read hidclass.sys
Unable to read hidir.sys
Unable to read hidparse.sys
Unable to read hidusb.sys
Unable to read HpSAMD.sys
Unable to read http.sys
Unable to read hwpolicy.sys
Unable to read i8042prt.sys
Unable to read iaStor.sys
Unable to read iaStorV.sys
Unable to read igdkmd32.sys
Unable to read iirsp.sys
Unable to read intelide.sys
Unable to read intelppm.sys
Unable to read ipfltdrv.sys
Unable to read IPMIDrv.sys
Unable to read ipnat.sys
Unable to read irda.sys
Unable to read irenum.sys
Unable to read isapnp.sys
Unable to read kbdclass.sys
Unable to read kbdhid.sys
Unable to read ks.sys
Unable to read ksecdd.sys
Unable to read ksecpkg.sys
Unable to read lltdio.sys
Unable to read lsi_fc.sys
Unable to read lsi_sas.sys
Unable to read lsi_sas2.sys
Unable to read lsi_scsi.sys
Unable to read luafv.sys
Unable to read mcd.sys
Unable to read megasas.sys
Unable to read MegaSR.sys
Unable to read modem.sys
Unable to read monitor.sys
Unable to read mouclass.sys
Unable to read mouhid.sys
Unable to read mountmgr.sys
Unable to read mpio.sys
Unable to read mpsdrv.sys
Unable to read mrxdav.sys
Unable to read mrxsmb.sys
Unable to read mrxsmb10.sys
Unable to read mrxsmb20.sys
Unable to read msahci.sys
Unable to read msdsm.sys
Unable to read msfs.sys
Unable to read mshidkmdf.sys
Unable to read msisadrv.sys
Unable to read msiscsi.sys
Unable to read mskssrv.sys
Unable to read mspclock.sys
Unable to read mspqm.sys
Unable to read msrpc.sys
Unable to read mssmbios.sys
Unable to read mstee.sys
Unable to read MTConfig.sys
Unable to read mup.sys
Unable to read ndis.sys
Unable to read ndiscap.sys
Unable to read ndistapi.sys
Unable to read ndisuio.sys
Unable to read ndiswan.sys
Unable to read ndproxy.sys
Unable to read netbios.sys
Unable to read netbt.sys
Unable to read netio.sys
Unable to read nfrd960.sys
Unable to read npfs.sys
Unable to read nsiproxy.sys
Unable to read ntfs.sys
Unable to read null.sys
Unable to read nvraid.sys
Unable to read nvstor.sys
Unable to read NV_AGP.SYS
Unable to read nwifi.sys
Unable to read ohci1394.sys
Unable to read pacer.sys
Unable to read parport.sys
Unable to read partmgr.sys
Unable to read parvdm.sys
Unable to read pci.sys
Unable to read pciide.sys
Unable to read pciidex.sys
Unable to read pcmcia.sys
Unable to read pcw.sys
Unable to read PEAuth.sys
Unable to read portcls.sys
Unable to read processr.sys
Unable to read ql2300.sys
Unable to read ql40xx.sys
Unable to read qwavedrv.sys
Unable to read rasacd.sys
Unable to read rasl2tp.sys
Unable to read raspppoe.sys
Unable to read raspptp.sys
Unable to read rassstp.sys
Unable to read rdbss.sys
Unable to read rdpbus.sys
Unable to read RDPCDD.sys
Unable to read rdpdr.sys
Unable to read RDPENCDD.sys
Unable to read RDPREFMP.sys
Unable to read rdpvideominiport.sys
Unable to read rdpwd.sys
Unable to read rdyboost.sys
Unable to read rmcast.sys
Unable to read RNDISMP.sys
Unable to read rootmdm.sys
Unable to read rspndr.sys
Unable to read Rt86win7.sys
Unable to read RTKVHDA.sys
Unable to read sbp2port.sys
Unable to read scfilter.sys
Unable to read scsiport.sys
Unable to read secdrv.sys
Unable to read serenum.sys
Unable to read serial.sys
Unable to read sermouse.sys
Unable to read sffdisk.sys
Unable to read sffp_mmc.sys
Unable to read sffp_sd.sys
Unable to read sfloppy.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read stexstor.sys
Unable to read storport.sys
Unable to read storvsc.sys
Unable to read swenum.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TsUsbFlt.sys
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read vmbus.sys
Unable to read VMBusHID.sys
Unable to read vms3cap.sys
Unable to read vmstorfl.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winhv.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by shaka at 2015-05-13 14:00:54
Running from C:\Users\shaka\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-248733116-1412973945-2583540736-500 - Administrator - Disabled)
Invitado (S-1-5-21-248733116-1412973945-2583540736-501 - Limited - Disabled)
shaka (S-1-5-21-248733116-1412973945-2583540736-1000 - Administrator - Enabled) => C:\Users\shaka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
BufferChm (Version: 130.0.327.000 - Hewlett-Packard) Hidden
Crystal Reports (HKLM\...\CrystalReports) (Version: - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet 2400 (HKLM\...\{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
hpg2410 (Version: 14.0.0.0 - Nombre de su organización) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Markey (HKLM\...\Markey1.0) (Version: 1.0 - Markey)
Markey (HKLM\...\Markey3.5) (Version: 3.5 - Prevención Tecnológica S.A.)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6521 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.369.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebReg (Version: 130.0.128.017 - Hewlett-Packard) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-248733116-1412973945-2583540736-1000_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:04 - 2013-04-13 20:23 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {26333F52-395A-40AF-85EB-62866E3A9FD2} - System32\Tasks\{7862002D-768C-4093-A780-26FFE95CA295} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/es/abandoninstall?page=tsPlugin
Task: {39492BFD-1022-4CCB-8342-FBEFE6A28FAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {BD9C3C2F-475C-46F2-882C-97DAD8F857B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2013-04-13 21:21 - 2013-03-19 01:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-13 20:11 - 2009-07-13 22:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-13 20:11 - 2009-07-13 22:16 - 00033280 _____ () c:\windows\system32\pcwum.DLL
2009-07-13 20:11 - 2009-07-13 22:16 - 00033280 _____ () C:\Windows\System32\pcwum.dll
2009-07-13 20:11 - 2009-07-13 22:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2013-04-16 10:29 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2013-04-16 10:30 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-13 20:03 - 2012-02-27 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8b857add6394c98128874eb2579534e5\IsdiInterop.ni.dll
2013-04-13 19:55 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-04-13 19:51 - 2012-03-06 04:27 - 01198872 ____R () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-13 10:32 - 2015-05-05 01:06 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-13 10:32 - 2015-05-05 01:06 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-13 10:32 - 2015-05-05 01:06 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2015-05-13 13:55 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shaka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.49.130.47 - 200.42.4.210
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^shaka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.HTML => C:\Windows\pss\HELP_DECRYPT.HTML.Startup
MSCONFIG\startupfolder: C:^Users^shaka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\Windows\pss\HELP_DECRYPT.PNG.Startup
MSCONFIG\startupfolder: C:^Users^shaka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\Windows\pss\HELP_DECRYPT.TXT.Startup
MSCONFIG\startupfolder: C:^Users^shaka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\Windows\pss\HELP_DECRYPT.URL.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Windows Search 5.3.10 => "C:\ProgramData\Windows Search 5.3.10\5mk1owasew99.exe"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{43EA46D2-576A-4D49-87F0-CB599B1A9F9C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{889A193B-0CF9-4617-ACAB-CDC78B719F8E}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9C5BA8F1-12DF-4316-8BEC-4FFEE95297A8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1F6799A7-3655-46B2-A8BD-DD3A1E998BE4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{37FE0C1C-F4F8-460F-BFBC-A69ABA0607FA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1AF2A179-93CB-41A1-897C-0F4C97EE35FB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{387476B0-3580-4F27-A229-469E5222F2AC}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{B282551C-C29C-43D9-9F1E-C3579876C643}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{2E2B045C-B6A5-4F0D-B272-838EF219E7AC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{381B57EF-4C70-4B1E-8EC1-16C80BC3CD95}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{1CCD67C9-35AF-415A-975B-0B42DC531DF5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FDF4CBE-6D1A-4053-B6DE-B07E4344078F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{42BFC7E9-9F1D-4062-BF03-F8758434D5AC}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{695A6352-C713-4E93-B73C-0D91FAAD09FA}C:\users\shaka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\shaka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3B58EFB0-4B90-4D15-A134-12562EE5B357}C:\users\shaka\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\shaka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0D4C6489-4111-4FA2-A261-CD582DC318D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{912D1AF4-FD65-4852-8C06-82DF132EE1BB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{15A0BC5E-EB73-467D-86B0-6EF1DF41E623}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{C1586590-AC4C-4155-8A93-8C0D1CECB3B9}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8860B64F-93EB-415E-A78F-5BB71196526C}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{50206D38-EBD5-4011-9FBB-3061A19B73BE}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B4770506-583E-48B9-8DE5-447CE81EBF39}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1D3BD8A4-4675-4F8D-85D7-0D675030892B}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{236C3B48-1BB4-46A7-B850-775A521863F8}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2015 11:03:37 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {e4c47749-9679-4d3a-915e-4bd4a36a802c}
Error: (05/13/2015 10:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: taskhost.exe, versión: 6.1.7601.18010, marca de tiempo: 0x50aee407
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725, marca de tiempo: 0x4ec49b60
Código de excepción: 0x80000003
Desplazamiento de errores: 0x0006374e
Id. del proceso con errores: 0x738
Hora de inicio de la aplicación con errores: 0xtaskhost.exe0
Ruta de acceso de la aplicación con errores: taskhost.exe1
Ruta de acceso del módulo con errores: taskhost.exe2
Id. del informe: taskhost.exe3
Error: (05/13/2015 10:30:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} y el nombre Coordinator no puede iniciarse. [0x80070005, Acceso denegado.
]
Error: (05/13/2015 09:24:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AvastUI.exe, versión: 10.2.2218.942, marca de tiempo: 0x55364e82
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725, marca de tiempo: 0x4ec49b60
Código de excepción: 0xc000070a
Desplazamiento de errores: 0x0009bdec
Id. del proceso con errores: 0xb74
Hora de inicio de la aplicación con errores: 0xAvastUI.exe0
Ruta de acceso de la aplicación con errores: AvastUI.exe1
Ruta de acceso del módulo con errores: AvastUI.exe2
Id. del informe: AvastUI.exe3
Error: (05/12/2015 11:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Explorer.EXE, versión 6.1.7601.17514, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
Identificador de proceso: 868
Hora de inicio: 01d08d22fe2cd795
Hora de finalización: 31
Ruta de acceso de la aplicación: C:\Windows\Explorer.EXE
Identificador de informe: fb53a5b0-f917-11e4-a81f-eca86b747777
Error: (05/12/2015 11:01:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {9980a6b2-78b8-445c-8265-5e61a92e039f}
Error: (05/12/2015 10:58:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} y el nombre Coordinator no puede iniciarse. [0x80070005, Acceso denegado.
]
Error: (05/12/2015 10:58:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: taskhost.exe, versión: 6.1.7601.18010, marca de tiempo: 0x50aee407
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725, marca de tiempo: 0x4ec49b60
Código de excepción: 0x80000003
Desplazamiento de errores: 0x0006374e
Id. del proceso con errores: 0x80c
Hora de inicio de la aplicación con errores: 0xtaskhost.exe0
Ruta de acceso de la aplicación con errores: taskhost.exe1
Ruta de acceso del módulo con errores: taskhost.exe2
Id. del informe: taskhost.exe3
Error: (05/12/2015 10:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.Systray.exe, versión: 1.1.37.14638, marca de tiempo: 0x5535f74c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x05943637
Id. del proceso con errores: 0x1104
Hora de inicio de la aplicación con errores: 0xAvira.OE.Systray.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.Systray.exe1
Ruta de acceso del módulo con errores: Avira.OE.Systray.exe2
Id. del informe: Avira.OE.Systray.exe3
Error: (05/12/2015 10:47:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.Systray.exe, versión: 1.1.37.14638, marca de tiempo: 0x5535f74c
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x08cf3637
Id. del proceso con errores: 0x1514
Hora de inicio de la aplicación con errores: 0xAvira.OE.Systray.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.Systray.exe1
Ruta de acceso del módulo con errores: Avira.OE.Systray.exe2
Id. del informe: Avira.OE.Systray.exe3
System errors:
=============
Error: (05/13/2015 01:11:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
Avgdiskx
AVGIDSDriver
AVGIDSHX
AVGIDSShim
Avgldx86
Avglogx
Avgmfx86
Avgrkx86
Avgtdix
avipbb
avkmgr
ssmdrv
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Avira Mail Protection depende del servicio Avira Real-Time Protection, el cual no pudo iniciarse debido al siguiente error:
%%2
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio MBAMService depende del servicio MBAMProtector, el cual no pudo iniciarse debido al siguiente error:
%%31
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio avnetflt no pudo iniciarse debido al siguiente error:
%%31
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio AVGIDSAgent depende del servicio AVGIDSDriver, el cual no pudo iniciarse debido al siguiente error:
%%31
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Avira Web Protection depende del servicio Avira Real-Time Protection, el cual no pudo iniciarse debido al siguiente error:
%%2
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Avira Real-Time Protection no pudo iniciarse debido al siguiente error:
%%2
Error: (05/13/2015 01:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Avira Programador no pudo iniciarse debido al siguiente error:
%%2
Error: (05/13/2015 01:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtector no pudo iniciarse debido al siguiente error:
%%31
Error: (05/13/2015 01:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio avgntflt no pudo iniciarse debido al siguiente error:
%%31
Microsoft Office Sessions:
=========================
Error: (05/13/2015 11:03:37 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Acceso denegado.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {e4c47749-9679-4d3a-915e-4bd4a36a802c}
Error: (05/13/2015 10:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskhost.exe6.1.7601.1801050aee407ntdll.dll6.1.7601.177254ec49b60800000030006374e73801d08d7faa64a4e1C:\Windows\system32\taskhost.exeC:\Windows\SYSTEM32\ntdll.dll3dfc7cde-f974-11e4-b8f9-eca86b747777
Error: (05/13/2015 10:30:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Acceso denegado.
Error: (05/13/2015 09:24:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe10.2.2218.94255364e82ntdll.dll6.1.7601.177254ec49b60c000070a0009bdecb7401d08d777c55c59fC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Windows\SYSTEM32\ntdll.dlleeec3b61-f96a-11e4-a7a9-eca86b747777
Error: (05/12/2015 11:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1751486801d08d22fe2cd79531C:\Windows\Explorer.EXEfb53a5b0-f917-11e4-a81f-eca86b747777
Error: (05/12/2015 11:01:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Acceso denegado.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {9980a6b2-78b8-445c-8265-5e61a92e039f}
Error: (05/12/2015 10:58:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Acceso denegado.
Error: (05/12/2015 10:58:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskhost.exe6.1.7601.1801050aee407ntdll.dll6.1.7601.177254ec49b60800000030006374e80c01d08d0c2286d8dbC:\Windows\system32\taskhost.exeC:\Windows\SYSTEM32\ntdll.dll7f0061d9-f913-11e4-bc6f-eca86b747777
Error: (05/12/2015 10:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.37.146385535f74cunknown0.0.0.000000000c000000505943637110401d08d1f400b655eC:\Program Files\Avira\Launcher\Avira.OE.Systray.exeunknown867b065c-f912-11e4-bc6f-eca86b747777
Error: (05/12/2015 10:47:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.37.146385535f74cunknown0.0.0.000000000c000000508cf3637151401d08d1ed1c878eaC:\Program Files\Avira\Launcher\Avira.OE.Systray.exeunknown135de0a0-f912-11e4-bc6f-eca86b747777
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Percentage of memory in use: 41%
Total physical RAM: 3494.59 MB
Available physical RAM: 2056.86 MB
Total Pagefile: 6987.47 MB
Available Pagefile: 5550.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:431.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5DC69892)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by shaka (administrator) on OFICINA on 13-05-2015 14:00:25
Running from C:\Users\shaka\Downloads
Loaded Profiles: shaka (Available profiles: shaka)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\...\MountPoints2: {2d3b77c9-a4a4-11e2-9f54-806e6f6e6963} - D:\EIProcessCaller.exe
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\...\MountPoints2: {4e1a8a16-c215-11e2-b710-eca86b747777} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=es-ar
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ar.msn.com/?ocid=iehp
HKU\S-1-5-21-248733116-1412973945-2583540736-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google.com/mail/u/1/#inbox
hxxp://www.lanacion.com.ar/
hxxp://www.prefecturanaval.gov.ar/web/es/html/dico_alturas.php
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-248733116-1412973945-2583540736-1000 -> {B6846C33-43CE-41CD-BB51-F754E8F8D9C0} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 200.49.130.47 200.42.4.210
FireFox:
========
FF ProfilePath: C:\Users\shaka\AppData\Roaming\Mozilla\Firefox\Profiles\3UZSzQhi.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-10] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\shaka\AppData\Roaming\Mozilla\Firefox\Profiles\3UZSzQhi.default\Extensions\abs@avira.com [2015-05-12]
Chrome:
=======
CHR HomePage: Default -> hxxp://avg.nation.com/avgtbavg/search/home?cid={E208873C-885A-4286-B6F4-317872DB511A}&mid=491fcc7d9a9147d3b0823de12d909e84-0762da72d5c59cee9c9f5a280d2b05848fe8dcff&lang=es-es&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-01 13:49:47&v=18.1.0.443&pid=nation&sg=0&sap=hp&cmpid=0913b
CHR StartupUrls: Default -> "hxxp://avg.nation.com/avgtbavg/search/home?cid={E208873C-885A-4286-B6F4-317872DB511A}&mid=491fcc7d9a9147d3b0823de12d909e84-0762da72d5c59cee9c9f5a280d2b05848fe8dcff&lang=es-es&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-01 13:49:47&v=18.1.0.443&pid=nation&sg=0&sap=hp&cmpid=0913b"
CHR DefaultSearchKeyword: Default -> avg.nation.com
CHR DefaultSearchURL: Default -> hxxp://avg.nation.com/avgtbavg/search/web?cid={E208873C-885A-4286-B6F4-317872DB511A}&mid=491fcc7d9a9147d3b0823de12d909e84-0762da72d5c59cee9c9f5a280d2b05848fe8dcff&lang=es-es&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-01 13:49:47&v=17.0.1.12&pid=nation&sg=0&sap=dsp&q={searchTerms}&cmpid=0913b
CHR DefaultNewTabURL: Default -> https://avg.nation.com/chroment?espv=2&cid={E208873C-885A-4286-B6F4-317872DB511A}&mid=491fcc7d9a9147d3b0823de12d909e84-0762da72d5c59cee9c9f5a280d2b05848fe8dcff&lang=es-es&ds=AVG&pr=fr&d=2013-10-01 13:49:47&v=18.1.0.443&pid=nation&sg=0
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27]
CHR Extension: (Google Search) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27]
CHR Extension: (Bookmark Manager) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (Google Wallet) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
Locked "548bdadaaeecaa26" service could not be unlocked. <===== ATTENTION
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-06] (Intel Corporation)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S4 KMService; C:\Windows\system32\srvany.exe [8192 2013-04-13] () [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 AntiVirMailService; "C:\Program Files\Avira\Antivirus\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files\Avira\Antivirus\avwebg7.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-13] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-13] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2010-11-20] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-13] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2010-11-20] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-13] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-13] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-13] () [File not signed]
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] () [File not signed]
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] () [File not signed]
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] () [File not signed]
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] () [File not signed]
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] () [File not signed]
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] () [File not signed]
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-27] (Avira Operations GmbH & Co. KG)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] () [File not signed]
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] () [File not signed]
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-27] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-27] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] () [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-13] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] () [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-13] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-13] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369336 2012-06-02] () [File not signed]
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [19024 2009-07-13] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-13] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-13] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-13] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [728448 2010-11-20] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-13] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-13] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-13] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-13] () [File not signed]
R3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2009-07-13] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-13] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-13] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-13] () [File not signed]
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194800 2010-11-20] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-13] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-13] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-13] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [470808 2011-11-29] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2010-11-20] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [13207552 2012-02-27] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [3919976 2011-12-06] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-13] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-13] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-13] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [233344 2010-11-20] () [File not signed]
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-13] () [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67440 2012-06-02] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [134000 2012-06-02] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-13] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-13] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-13] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-13] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-13] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-13] () [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-13] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2010-11-20] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-26] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-08] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-26] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [28032 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-13] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-13] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-13] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-13] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-13] () [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712576 2010-11-20] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] () [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-13] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-13] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1211264 2010-11-20] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-13] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2010-11-20] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2010-11-20] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-13] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-13] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-13] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-13] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-13] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-13] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-13] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [15872 2010-11-20] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [490088 2011-09-29] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-13] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-13] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-13] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-13] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-13] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-13] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-28] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-28] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-28] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-27] (Avira GmbH)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-13] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-20] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [28032 2010-11-20] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-13] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1293672 2013-01-03] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1293672 2013-01-03] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2010-11-20] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2010-11-20] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-13] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-13] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75776 2010-11-20] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2009-07-13] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [42496 2010-11-20] () [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [258560 2010-11-20] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2009-07-13] () [File not signed]
R3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] () [File not signed]
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-13] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2010-11-20] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2009-07-13] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146432 2010-11-20] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-13] () [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-13] () [File not signed]
R0 vmbus; C:\Windows\System32\drivers\vmbus.sys [175360 2010-11-20] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-13] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-13] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-13] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-13] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-13] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-13] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-13] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2010-11-20] () [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2010-11-20] () [File not signed]
U5 548bdadaaeecaa26; C:\Windows\System32\Drivers\548bdadaaeecaa26.sys [85632 2015-05-11] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-13] () [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-13 14:00 - 2015-05-13 14:00 - 00036557 _____ () C:\Users\shaka\Downloads\FRST.txt
2015-05-13 14:00 - 2015-05-13 14:00 - 00000000 ____D () C:\FRST
2015-05-13 13:59 - 2015-05-13 13:59 - 01141248 _____ (Farbar) C:\Users\shaka\Downloads\FRST.exe
2015-05-13 13:59 - 2015-05-13 13:59 - 00014196 _____ () C:\Users\shaka\Downloads\defogger_disable.log
2015-05-13 13:59 - 2015-05-13 13:59 - 00000000 _____ () C:\Users\shaka\defogger_reenable
2015-05-13 13:58 - 2015-05-13 13:58 - 00050477 _____ () C:\Users\shaka\Downloads\Defogger.exe
2015-05-13 13:54 - 2015-05-13 13:54 - 00000000 ____D () C:\Program Files\ESET
2015-05-13 13:51 - 2015-05-13 13:51 - 02347384 _____ (ESET) C:\Users\shaka\Downloads\esetsmartinstaller_deu.exe
2015-05-13 13:16 - 2015-05-13 13:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-13 12:42 - 2015-05-13 12:42 - 00001308 _____ () C:\Users\shaka\Desktop\AdwCleaner[S3].txt
2015-05-13 11:52 - 2015-05-13 11:52 - 00001190 _____ () C:\Users\shaka\Desktop\AdwCleaner[S2].txt
2015-05-13 11:36 - 2015-05-13 11:36 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-13 11:36 - 2015-05-13 11:36 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\AVG2015
2015-05-13 11:36 - 2015-05-13 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-13 11:35 - 2015-05-13 11:36 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-13 11:35 - 2015-05-13 11:35 - 00000000 ___HD () C:\$AVG
2015-05-13 11:34 - 2015-05-13 11:34 - 00000000 ____D () C:\Program Files\AVG
2015-05-13 11:33 - 2015-05-13 11:36 - 00000000 ____D () C:\Users\shaka\AppData\Local\Avg2015
2015-05-13 11:23 - 2015-05-13 11:33 - 171931928 _____ (AVG Technologies) C:\Users\shaka\Downloads\avg_free_x86_all_2015_ltst_222_5941 (1).exe
2015-05-13 10:41 - 2015-05-13 12:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 10:41 - 2015-05-13 10:41 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-13 10:41 - 2015-05-13 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-13 10:40 - 2015-05-13 10:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-13 10:40 - 2015-05-13 10:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-13 10:40 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 10:40 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 10:40 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 10:34 - 2015-05-13 10:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\shaka\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-13 10:24 - 2015-05-13 10:24 - 00001070 _____ () C:\Users\shaka\Desktop\AdwCleaner[S1].txt
2015-05-13 10:14 - 2015-05-13 10:14 - 00002624 _____ () C:\Users\shaka\Desktop\AdwCleaner[S0].txt
2015-05-13 10:13 - 2015-05-13 10:13 - 00000000 ____D () C:\Windows\pss
2015-05-13 09:47 - 2015-05-13 12:38 - 00000000 ____D () C:\AdwCleaner
2015-05-13 09:44 - 2015-05-13 09:45 - 02209792 _____ () C:\Users\shaka\Desktop\AdwCleaner_4.204.exe
2015-05-12 23:00 - 2015-05-13 11:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-12 22:59 - 2015-05-12 23:00 - 05499960 _____ (Avast Software s.r.o.) C:\Users\shaka\Downloads\avast_free_antivirus_setup_online.exe
2015-05-12 20:37 - 2015-05-12 20:37 - 00000000 __SHD () C:\ProgramData\Windows Search 5.3.10
2015-05-12 17:58 - 2015-05-12 17:58 - 00008646 _____ () C:\Users\shaka\HELP_DECRYPT.HTML
2015-05-12 17:58 - 2015-05-12 17:58 - 00008646 _____ () C:\Users\shaka\Documents\HELP_DECRYPT.HTML
2015-05-12 17:58 - 2015-05-12 17:58 - 00004266 _____ () C:\Users\shaka\HELP_DECRYPT.TXT
2015-05-12 17:58 - 2015-05-12 17:58 - 00004266 _____ () C:\Users\shaka\Documents\HELP_DECRYPT.TXT
2015-05-12 17:58 - 2015-05-12 17:58 - 00000296 _____ () C:\Users\shaka\HELP_DECRYPT.URL
2015-05-12 17:58 - 2015-05-12 17:58 - 00000296 _____ () C:\Users\shaka\Documents\HELP_DECRYPT.URL
2015-05-12 13:53 - 2015-05-12 13:53 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\Mozilla
2015-05-12 13:53 - 2015-05-12 13:53 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\Avira
2015-05-12 13:52 - 2015-03-27 14:22 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-05-12 13:52 - 2015-03-27 14:21 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 13:52 - 2015-03-27 14:21 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 13:52 - 2015-03-27 14:21 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-12 13:52 - 2015-03-27 14:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-12 13:43 - 2015-05-12 22:53 - 00000000 ____D () C:\ProgramData\Avira
2015-05-12 13:41 - 2015-05-12 13:41 - 04734040 _____ (Avira Operations GmbH & Co. KG) C:\Users\shaka\Downloads\avira_es_av_55522e78a06f2__ws1.exe
2015-05-12 13:39 - 2015-05-12 13:39 - 00188416 _____ () C:\Users\shaka\AppData\Roaming\Setup.exe
2015-05-12 13:39 - 2015-05-12 13:39 - 00000293 _____ () C:\Users\shaka\AppData\Roaming\8178audayu1bjiao
2015-05-12 10:53 - 2015-05-12 10:53 - 00008646 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-12 10:53 - 2015-05-12 10:53 - 00008646 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.HTML
2015-05-12 10:53 - 2015-05-12 10:53 - 00008646 _____ () C:\Users\shaka\AppData\HELP_DECRYPT.HTML
2015-05-12 10:53 - 2015-05-12 10:53 - 00004266 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-12 10:53 - 2015-05-12 10:53 - 00004266 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.TXT
2015-05-12 10:53 - 2015-05-12 10:53 - 00004266 _____ () C:\Users\shaka\AppData\HELP_DECRYPT.TXT
2015-05-12 10:53 - 2015-05-12 10:53 - 00000296 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.URL
2015-05-12 10:53 - 2015-05-12 10:53 - 00000296 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.URL
2015-05-12 10:53 - 2015-05-12 10:53 - 00000296 _____ () C:\Users\shaka\AppData\HELP_DECRYPT.URL
2015-05-12 10:52 - 2015-05-12 10:52 - 00008646 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-12 10:52 - 2015-05-12 10:52 - 00004266 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-12 10:52 - 2015-05-12 10:52 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-11 11:14 - 2015-05-11 11:14 - 00085632 _____ () C:\Windows\system32\Drivers\548bdadaaeecaa26.sys
2015-05-11 11:13 - 2015-05-13 13:00 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-04-15 13:05 - 2015-04-15 13:05 - 00206816 _____ () C:\Windows\system32\Drivers\avgldx86.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-13 13:59 - 2013-04-13 12:00 - 00000000 ____D () C:\Users\shaka
2015-05-13 13:31 - 2013-06-27 17:24 - 00001024 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-13 13:18 - 2009-07-14 01:34 - 00014720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-13 13:18 - 2009-07-14 01:34 - 00014720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-13 13:17 - 2013-06-27 17:24 - 00000000 ____D () C:\Users\shaka\AppData\Local\Google
2015-05-13 13:17 - 2013-06-27 17:24 - 00000000 ____D () C:\Program Files\Google
2015-05-13 13:16 - 2013-04-13 20:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-13 13:11 - 2013-06-27 17:24 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 13:11 - 2013-04-13 19:52 - 00745992 _____ () C:\Windows\PFRO.log
2015-05-13 13:11 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 13:11 - 2009-07-14 01:39 - 00064582 _____ () C:\Windows\setupact.log
2015-05-13 11:59 - 2013-04-13 20:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-13 11:46 - 2009-07-14 05:57 - 00000000 ____D () C:\Windows\ShellNew
2015-05-13 11:33 - 2013-04-13 21:24 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\Skype
2015-05-13 11:01 - 2009-07-14 05:43 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-13 10:49 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\tracing
2015-05-13 09:36 - 2013-04-13 12:01 - 01423566 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 21:32 - 2013-04-13 19:34 - 00000000 ____D () C:\TempEI4
2015-05-12 20:18 - 2013-08-20 14:23 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\Dropbox
2015-05-12 18:20 - 2013-04-22 15:19 - 00000000 ____D () C:\SRII
2015-05-12 18:17 - 2013-04-22 15:18 - 00000000 ____D () C:\Delta del Paraná
2015-05-12 18:03 - 2013-08-20 14:26 - 00000000 ___RD () C:\Users\shaka\Dropbox
2015-05-12 17:58 - 2013-04-17 11:01 - 00000000 ____D () C:\Users\shaka\Documents\Mis escaneos
2015-05-12 17:32 - 2015-03-16 09:55 - 00000000 ____D () C:\Users\shaka\Tracing
2015-05-12 15:33 - 2009-07-14 01:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-12 10:53 - 2014-02-27 13:52 - 00000000 ____D () C:\Users\shaka\AppData\Local\Skype
2015-05-12 10:53 - 2013-04-16 10:38 - 00000000 ____D () C:\Users\shaka\AppData\Local\HP
2015-05-12 10:53 - 2013-04-16 10:29 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\Adobe
2015-05-12 10:53 - 2013-04-16 10:28 - 00000000 ____D () C:\Users\shaka\AppData\Roaming\HP
2015-05-12 10:52 - 2013-04-22 15:19 - 00000000 ____D () C:\Shaka
2015-05-12 10:52 - 2013-04-22 15:18 - 00000000 ____D () C:\Fuska
2015-05-05 14:28 - 2013-04-13 12:03 - 01530242 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 09:32 - 2013-04-13 21:24 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-05-12 13:39 - 2015-05-12 13:39 - 0000293 _____ () C:\Users\shaka\AppData\Roaming\8178audayu1bjiao
2015-05-12 10:53 - 2015-05-12 10:53 - 0008646 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.HTML
2015-05-12 10:53 - 2015-05-12 10:53 - 0045436 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.PNG
2015-05-12 10:53 - 2015-05-12 10:53 - 0004266 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-12 10:53 - 2015-05-12 10:53 - 0000296 _____ () C:\Users\shaka\AppData\Roaming\HELP_DECRYPT.URL
2015-02-06 16:39 - 2015-02-06 16:39 - 0000824 _____ () C:\Users\shaka\AppData\Roaming\my_stuff.gif
2015-02-06 16:40 - 2015-02-06 16:40 - 0000554 _____ () C:\Users\shaka\AppData\Roaming\re.gif
2015-05-12 13:39 - 2015-05-12 13:39 - 0188416 _____ () C:\Users\shaka\AppData\Roaming\Setup.exe
2015-05-12 10:53 - 2015-05-12 10:53 - 0008646 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.HTML
2015-05-12 10:53 - 2015-05-12 10:53 - 0045436 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.PNG
2015-05-12 10:53 - 2015-05-12 10:53 - 0004266 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.TXT
2015-05-12 10:53 - 2015-05-12 10:53 - 0000296 _____ () C:\Users\shaka\AppData\Local\HELP_DECRYPT.URL
2015-05-12 10:52 - 2015-05-12 10:52 - 0008646 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-05-12 10:52 - 2015-05-12 10:52 - 0045436 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-05-12 10:52 - 2015-05-12 10:52 - 0004266 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-12 10:52 - 2015-05-12 10:52 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-04-16 10:17 - 2013-04-16 10:28 - 0000357 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\shaka\AppData\Local\Temp\avgnt.exe
C:\Users\shaka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpblnf9z.dll
C:\Users\shaka\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\shaka\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\shaka\AppData\Local\Temp\ose00000.exe
C:\Users\shaka\AppData\Local\Temp\Quarantine.exe
C:\Users\shaka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\shaka\AppData\Local\Temp\sqlite3.dll
C:\Users\shaka\AppData\Local\Temp\_is7D49.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2013-04-15 08:10] - [2010-11-20 09:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!
LastRegBack: 2015-05-05 12:12
==================== End Of Log ============================
Code:
ATTFilter # AdwCleaner v4.204 - Registro generado 13/05/2015 en 09:53:31
# Actualizado 12/05/2015 por Xplode
# Base de datos : 2015-05-12.2 [Local]
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (x86)
# Nombre de usuario : shaka - OFICINA
# Ejecutado desde : C:\Users\shaka\Desktop\AdwCleaner_4.204.exe
# Opción : Limpiar
***** [ Servicios ] *****
***** [ Archivos / Carpetas ] *****
Carpeta Eliminar : C:\ProgramData\AVG Security Toolbar
Carpeta Eliminar : C:\ProgramData\Systweak
Carpeta Eliminar : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Carpeta Eliminar : C:\Program Files\Advanced System Protector
Carpeta Eliminar : C:\Users\shaka\AppData\LocalLow\AVG Nation toolbar
Carpeta Eliminar : C:\Users\shaka\AppData\Roaming\Systweak
Carpeta Eliminar : C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Archivo Eliminar : C:\Windows\system32\roboot.exe
Archivo Eliminar : C:\Windows\system32\drivers\548bdadaaeecaa26.sys
***** [ Tareas programadas... ] *****
Tarea Eliminar : Advanced System Protector_startup
***** [ Accesos directos ] *****
***** [ Registro ] *****
Llave Eliminar : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Llave Eliminar : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Llave Eliminar : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Llave Eliminar : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Llave Eliminar : HKCU\Software\systweak
Llave Eliminar : HKLM\SOFTWARE\systweak
Llave Eliminar : HKU\.DEFAULT\Software\AVG Nation toolbar
***** [ Navegadores Web ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.135
[C:\Users\shaka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminar [Extension] : fcfenmboojpjinhpgggodefccipikbpd
*************************
AdwCleaner[R0].txt - [2602 bytes] - [13/05/2015 09:48:42]
AdwCleaner[S0].txt - [2485 bytes] - [13/05/2015 09:53:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2544 bytes] ##########
Code:
ATTFilter # AdwCleaner v4.204 - Registro generado 13/05/2015 en 10:18:46
# Actualizado 12/05/2015 por Xplode
# Base de datos : 2015-05-12.2 [Local]
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (x86)
# Nombre de usuario : shaka - OFICINA
# Ejecutado desde : C:\Users\shaka\Desktop\AdwCleaner_4.204.exe
# Opción : Limpiar
***** [ Servicios ] *****
***** [ Archivos / Carpetas ] *****
Archivo Eliminar : C:\Windows\system32\drivers\548bdadaaeecaa26.sys
***** [ Tareas programadas... ] *****
***** [ Accesos directos ] *****
***** [ Registro ] *****
***** [ Navegadores Web ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.135
*************************
AdwCleaner[R0].txt - [2602 bytes] - [13/05/2015 09:48:42]
AdwCleaner[R1].txt - [1012 bytes] - [13/05/2015 10:17:47]
AdwCleaner[S0].txt - [2624 bytes] - [13/05/2015 09:53:31]
AdwCleaner[S1].txt - [933 bytes] - [13/05/2015 10:18:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [991 bytes] ##########
Code:
ATTFilter # AdwCleaner v4.204 - Registro generado 13/05/2015 en 11:48:46
# Actualizado 12/05/2015 por Xplode
# Base de datos : 2015-05-12.2 [Local]
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (x86)
# Nombre de usuario : shaka - OFICINA
# Ejecutado desde : C:\Users\shaka\Desktop\AdwCleaner_4.204.exe
# Opción : Limpiar
***** [ Servicios ] *****
***** [ Archivos / Carpetas ] *****
Archivo Eliminar : C:\Windows\system32\drivers\548bdadaaeecaa26.sys
***** [ Tareas programadas... ] *****
***** [ Accesos directos ] *****
***** [ Registro ] *****
***** [ Navegadores Web ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.152
*************************
AdwCleaner[R0].txt - [2602 bytes] - [13/05/2015 09:48:42]
AdwCleaner[R1].txt - [1012 bytes] - [13/05/2015 10:17:47]
AdwCleaner[R2].txt - [1131 bytes] - [13/05/2015 11:47:51]
AdwCleaner[S0].txt - [2624 bytes] - [13/05/2015 09:53:31]
AdwCleaner[S1].txt - [1070 bytes] - [13/05/2015 10:18:46]
AdwCleaner[S2].txt - [1051 bytes] - [13/05/2015 11:48:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1110 bytes] ##########
Code:
ATTFilter # AdwCleaner v4.204 - Registro generado 13/05/2015 en 12:38:14
# Actualizado 12/05/2015 por Xplode
# Base de datos : 2015-05-12.2 [Local]
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (x86)
# Nombre de usuario : shaka - OFICINA
# Ejecutado desde : C:\Users\shaka\Desktop\AdwCleaner_4.204.exe
# Opción : Limpiar
***** [ Servicios ] *****
***** [ Archivos / Carpetas ] *****
Archivo Eliminar : C:\Windows\system32\drivers\548bdadaaeecaa26.sys
***** [ Tareas programadas... ] *****
***** [ Accesos directos ] *****
***** [ Registro ] *****
***** [ Navegadores Web ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.152
*************************
AdwCleaner[R0].txt - [2602 bytes] - [13/05/2015 09:48:42]
AdwCleaner[R1].txt - [1012 bytes] - [13/05/2015 10:17:47]
AdwCleaner[R2].txt - [1131 bytes] - [13/05/2015 11:47:51]
AdwCleaner[R3].txt - [1249 bytes] - [13/05/2015 12:37:33]
AdwCleaner[S0].txt - [2624 bytes] - [13/05/2015 09:53:31]
AdwCleaner[S1].txt - [1070 bytes] - [13/05/2015 10:18:46]
AdwCleaner[S2].txt - [1190 bytes] - [13/05/2015 11:48:46]
AdwCleaner[S3].txt - [1169 bytes] - [13/05/2015 12:38:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1228 bytes] ##########
|
| Themen zu TR/Rootkit.Gen2 - Virenscanner wird deaktiviert - Metasploit 7 wird im Startmenue aktiviert - 5mk1owasew99.exe |
| adware, antivirus, avg, avira, browser, cpu, defender, desktop, explorer, helper, homepage, internet, internet explorer, langsam, mozilla, problem, rootkit, scan, security, services.exe, software, svchost.exe, system, udp, windows |
Baum-Darstellung