Windows 7: CryptoWall encryption virus
Good day,
On a PC at our home, various files can no longer be accessed. In addition, files named "HELP_DECRYPT" have been created in several directories.
It appears to be a virus called CryptoWall.
I hope someone here can help me.
I have already created the log files for this:
Defogger:
defogger_disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:36 on 01/05/2015 (Moritz)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2015 01
Ran by Moritz at 2015-05-01 17:41:31
Running from C:\Users\Moritz\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3034795617-3668048000-2035637637-500 - Administrator - Disabled)
Gabi (S-1-5-21-3034795617-3668048000-2035637637-1002 - Administrator - Enabled) => C:\Users\Gabi
Gast (S-1-5-21-3034795617-3668048000-2035637637-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3034795617-3668048000-2035637637-1005 - Limited - Enabled)
Lukas (S-1-5-21-3034795617-3668048000-2035637637-1000 - Administrator - Enabled) => C:\Users\Lukas
Moritz (S-1-5-21-3034795617-3668048000-2035637637-1003 - Administrator - Enabled) => C:\Users\Moritz
Test (S-1-5-21-3034795617-3668048000-2035637637-1006 - Administrator - Enabled) => C:\Users\Test
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Borderlands 2 Mechromancer Pack DLC 1.00 (HKLM\...\Borderlands 2 Mechromancer Pack DLC 1.00) (Version: - )
Brother MFL-Pro Suite DCP-135C (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Call of Juarez - Bound in Blood (HKLM\...\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}) (Version: 1.00.0000 - Ubisoft)
Call of Juarez - Bound in Blood (Version: 1.00.0000 - Ubisoft) Hidden
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dead Space (HKLM\...\Steam App 17470) (Version: - EA Redwood Shores)
Die Schlacht um Mittelerde(tm) (HKLM\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
DriverToolkit version 8.3.0.0 (HKLM\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.0.0 - Megaify Software)
DriverTurbo (HKLM\...\DriverTurbo) (Version: 3.2.0 - DeskToolsSoft)
EasySaver B9.0904.1 (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Fallout 3 (HKU\{9A2B1544-B686-49b1-B20D-D3EEAFBD9D68}\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKU\{DD542A67-74BE-4779-8A59-D9178AFB2D57}\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKU\S-1-5-21-3034795617-3668048000-2035637637-1003\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout New Vegas Ultimate Edition (HKLM\...\Fallout New Vegas Ultimate Edition_is1) (Version: - )
FLV Player (HKU\{DD542A67-74BE-4779-8A59-D9178AFB2D57}\...\FLV Player) (Version: 1.1 - Somoto Ltd.) <==== ATTENTION
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LG United Mobile Drivers (HKLM\...\{0C1879C1-B74A-4C6D-8880-E3F54B78E816}) (Version: 3.7.1.0 - LG Electronics)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Halo Trial (HKLM\...\Halo Trial) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM\...\Steam App 17410) (Version: - DICE)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
NVIDIA PhysX v8.10.17 (HKLM\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Oblivion (HKLM\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
Origin (HKLM\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
SIW version 2010.07.14 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.07.14 - Topala Software Solutions)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\{9A2B1544-B686-49b1-B20D-D3EEAFBD9D68}\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spotify (HKU\{DD542A67-74BE-4779-8A59-D9178AFB2D57}\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: - )
System Requirements Lab (HKLM\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{E8E21BE2-5879-4DD9-8162-8AC84D344524}) (Version: 6.1.1.0 - Husdawg, LLC)
The Walking Dead (HKLM\...\Steam App 207610) (Version: - )
The Witcher Enhanced Edition (HKLM\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
TmUnitedForever Update 2010-03-15 (HKLM\...\TmUnitedForever_is1) (Version: - Nadeo)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PRO_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PRO_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PRO_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PRO_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3034795617-3668048000-2035637637-1003_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
==================== Restore Points =========================
19-04-2015 19:00:37 Windows-Sicherung
19-04-2015 21:09:30 Windows Update
24-04-2015 14:01:36 Windows Update
26-04-2015 19:00:47 Windows-Sicherung
27-04-2015 18:38:58 Windows Update
01-05-2015 11:51:22 Windows Update
01-05-2015 17:14:12 Entfernt Browser Configuration Utility
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D633EC5-2F65-437A-A4A5-38F913F9CF39} - System32\Tasks\{707ACF9D-EB78-46A3-A1C2-01C6172B8891} => D:\Programme\gta vice city - Kopie\gta-vc.exe [2003-05-09] ()
Task: {1B1D4049-0DCC-4053-B1D5-03218731A41A} - \Security Center Update - 593052520 No Task File <==== ATTENTION
Task: {59A2FCB7-440D-433A-BF03-60737133B3DA} - System32\Tasks\DriverToolkit Autorun => D:\Programme\DriverToolkit\DriverToolkit.exe [2014-04-30] (Megaify Software Co., Ltd.)
Task: {5B81BDB6-49A0-44D6-91AE-70EE2C8C5357} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6B825C50-FF73-4ADA-994B-6574783BA8BB} - System32\Tasks\{DA4CD22D-E533-4044-BB7C-D33B1BD112A0} => D:\Programme\gta vice city - Kopie\gta-vc.exe [2003-05-09] ()
Task: {933523FE-F936-4677-83CE-948A0C7A7B98} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {B96D4630-42D6-4F5C-B39E-D0026393A422} - System32\Tasks\{B8E2393D-709B-4726-ADF8-E32F927E655E} => pcalua.exe -a D:\Programme\Brother\mflpro\Data\Disk1\setup.exe -d D:\Programme\Brother\mflpro\Data\Disk1
Task: {C2864CA7-EDAF-45FB-B666-E1C92752FE9A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C701610F-219B-4348-94F5-D27F27AA454E} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {CEE1BF6C-44F0-46A5-B874-F1DAC3DDD76B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D97A268E-9A9E-4D97-B00A-1EED6E63FC2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {E35C1D18-5FF6-45D2-8A7C-3742A61CA0BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => D:\Programme\DriverToolkit\DriverToolkit.exe
==================== Loaded Modules (whitelisted) ==============
2013-12-27 23:03 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2013-12-27 23:03 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2014-02-25 19:33 - 2014-10-28 00:01 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2014-01-12 19:33 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-12-29 19:16 - 2002-04-22 04:15 - 00139264 ____N () C:\Program Files\Common Files\Adobe\Shell\psicon.dll
2013-12-06 17:04 - 2013-12-06 17:04 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-01 17:29 - 2015-05-01 17:29 - 00050477 _____ () C:\Users\Moritz\Downloads\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3034795617-3668048000-2035637637-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\{9A2B1544-B686-49b1-B20D-D3EEAFBD9D68}\Control Panel\Desktop\\Wallpaper -> C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\{DD542A67-74BE-4779-8A59-D9178AFB2D57}\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools\DTLite.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: filesfrog_apt_flvplayer => "C:\Users\Lukas\AppData\Local\Temp\\BI_RunOnce.exe" /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "filesfrog_apt_flvplayer" /id "flvplayerqjgi" /name "FLV Player Update" /uniqid FLVPlayerUpdate_downloader_by_FLVPlayerUpdate ${CUSTOM_ARGS} /uuid 30464336-3934-3337-3842-4143FFFFFFFF /biosserial /biosversion GBT - 42302e31 /csname GA-MA785GMT-UD2H
MSCONFIG\startupreg: FLV Player => C:\Users\Lukas\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Programme\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{4DFD7A01-3EEF-4216-B804-F0AA5368708C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FC486E40-AB7D-405B-98AA-7271A4F70209}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{0F892E9C-BDA2-4677-98B8-22BDFB9A3D58}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3E90F450-CEA3-4DFB-AAFC-80E877966636}] => (Allow) LPort=2869
FirewallRules: [{593396A8-2A03-4217-9188-EF6C25AFC724}] => (Allow) LPort=1900
FirewallRules: [{E1390C1B-B301-4ADE-9018-7D02681884A4}] => (Allow) D:\Programme\Age of Empires III\age3x.exe
FirewallRules: [{057A0B77-F20F-4B5A-95D7-C82A561B110E}] => (Allow) D:\Programme\Age of Empires III\age3x.exe
FirewallRules: [{6B4FA9FD-5754-4214-8D48-46328D5176BD}] => (Allow) D:\Programme\Age of Empires III\age3y.exe
FirewallRules: [{9599EF54-A4BD-44BF-8B04-9C56099558BC}] => (Allow) D:\Programme\Age of Empires III\age3y.exe
FirewallRules: [{0C5DE31A-B6A7-4E63-B6D6-B560FCF578C1}] => (Allow) D:\Programme\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{3129532A-C172-404D-8C27-BE77EF083329}] => (Allow) D:\Programme\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{451D60B1-D629-48D7-BDF9-53536B086C48}D:\programme\far cry 2\bin\farcry2.exe] => (Allow) D:\programme\far cry 2\bin\farcry2.exe
FirewallRules: [UDP Query User{8CEDC758-D0DD-431F-84D6-8E777BCFFB4A}D:\programme\far cry 2\bin\farcry2.exe] => (Allow) D:\programme\far cry 2\bin\farcry2.exe
FirewallRules: [{899C6AC0-B19F-4EFB-9E86-921236E7AB33}] => (Allow) D:\Programme\CoJ\CoJBiBGame_x86.exe
FirewallRules: [{DA4F31B5-FFCD-4DCB-A410-F8D65B0B1858}] => (Allow) D:\Programme\CoJ\CoJBiBGame_x86.exe
FirewallRules: [{D2030D6D-FBF6-4CD9-9CE5-B7C4043945F9}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{4D17B666-470E-4139-9037-5A7E70852D8B}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{23B8E0A9-4043-4B40-AC0F-558940A42DF2}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{146B600F-2CF7-49D7-804A-B41D380F05ED}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{9E224BB7-3C8C-407C-AB86-CFD3782E9AAA}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{8C2C8A2E-2C22-4B58-B3D2-C1B0DE692482}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{45B91433-8BED-4428-9CE4-BA21A930CBDF}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe
FirewallRules: [UDP Query User{AB133176-1EED-4CC5-98BB-518B38D96B48}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe
FirewallRules: [TCP Query User{B0AC8F66-3FDE-4BF9-A9BB-718FB292195D}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp_crack 2.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp_crack 2.exe
FirewallRules: [UDP Query User{8BBFE95F-50E3-4BE9-851C-40A45A2B4BB4}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp_crack 2.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp_crack 2.exe
FirewallRules: [TCP Query User{4BBA9524-241F-42DB-8DB3-9A893516298E}D:\programme\tmunitedforever\tmforever.exe] => (Allow) D:\programme\tmunitedforever\tmforever.exe
FirewallRules: [UDP Query User{0E5B1799-FD27-4864-81A1-539AA15D1A3C}D:\programme\tmunitedforever\tmforever.exe] => (Allow) D:\programme\tmunitedforever\tmforever.exe
FirewallRules: [TCP Query User{FAFB0079-FEA0-4192-BB86-78F22C150124}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe
FirewallRules: [UDP Query User{89FAEA32-F446-4889-83C5-356E0B6A879C}D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe] => (Allow) D:\programme\cod4modernwarfare\cod4modern warfare\cod4 crack\iw3mp.exe
FirewallRules: [TCP Query User{DE85921C-FBB1-4288-A3B6-1C305C879A13}D:\programme\halo\halo.exe] => (Allow) D:\programme\halo\halo.exe
FirewallRules: [UDP Query User{7AB517D2-F1E0-4734-8F28-D9C26651F785}D:\programme\halo\halo.exe] => (Allow) D:\programme\halo\halo.exe
FirewallRules: [TCP Query User{30924272-0CCE-48F5-90CA-E20B09C7BC93}D:\programme\flatout2\flatout2.exe] => (Allow) D:\programme\flatout2\flatout2.exe
FirewallRules: [UDP Query User{3F2FB8B1-38A6-4881-940C-165A18EDE252}D:\programme\flatout2\flatout2.exe] => (Allow) D:\programme\flatout2\flatout2.exe
FirewallRules: [TCP Query User{D1850E38-4BF4-48EC-93D0-F54749E80968}D:\programme\star wars battlefront i\gamedata\battlefront.exe] => (Block) D:\programme\star wars battlefront i\gamedata\battlefront.exe
FirewallRules: [UDP Query User{FCD67094-3673-4571-8F5D-8562EA93D5FA}D:\programme\star wars battlefront i\gamedata\battlefront.exe] => (Block) D:\programme\star wars battlefront i\gamedata\battlefront.exe
FirewallRules: [TCP Query User{92C5BBE5-0AEF-4AC0-84B8-296D38DFBBB3}D:\programme\warcraft iii\war3.exe] => (Allow) D:\programme\warcraft iii\war3.exe
FirewallRules: [UDP Query User{459051ED-C241-43C3-8DF5-07ED77A8D74B}D:\programme\warcraft iii\war3.exe] => (Allow) D:\programme\warcraft iii\war3.exe
FirewallRules: [TCP Query User{4052B310-4474-4602-ABB9-570FE8155034}D:\programme\battlefield 2\bf2.exe] => (Block) D:\programme\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{D491E78F-73EF-45A6-9A10-F27A62D0D2E4}D:\programme\battlefield 2\bf2.exe] => (Block) D:\programme\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{369EFFB3-24F1-48BB-8B23-41522CDD6123}D:\programme\maniaplanet\maniaplanet.exe] => (Allow) D:\programme\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{31A67F3B-55EF-4C75-8297-501AB4DBB5E9}D:\programme\maniaplanet\maniaplanet.exe] => (Allow) D:\programme\maniaplanet\maniaplanet.exe
FirewallRules: [TCP Query User{9B9F13E2-0281-4F3B-863E-0D63277C3A86}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{CAA1659F-DEC7-4E85-AD1D-9412B86AB012}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{DB4AD035-B7EB-4896-90FB-7EB99188ADD5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C714269E-9759-4CC5-B2FA-1595E8B10D18}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{0B33E448-25E9-4279-A5D9-48C1837E0091}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{6F8A5B7A-66CE-47F9-8438-E893748C1F89}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{A9B3A386-8746-498E-B338-28311CB7963C}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{7F59FF28-965D-44CD-81C0-8083BF3126C1}] => (Allow) D:\Programme\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{16C12DB8-66CD-47BD-85CE-D60367C02A73}] => (Allow) D:\Programme\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{905FEAAD-F70E-4E18-9658-3C491A3DDA85}] => (Allow) D:\Programme\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{EF643075-5D78-454B-A613-9A2F749C1AC2}] => (Allow) D:\Programme\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{14A1B591-4D18-4D47-8572-05625FDCCDF7}] => (Allow) D:\Programme\SuM\game.dat
FirewallRules: [{6E97367F-3447-4ABC-88D2-AB30AE3DDF30}] => (Allow) D:\Programme\SuM\game.dat
FirewallRules: [{E0F00FE8-8BA5-43EB-9763-6DFFABD66DBC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFF3A21D-A83C-4602-B3BF-9AF74C9A534E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{17205C02-A781-4050-B189-BBCBBF163321}] => (Allow) D:\Programme\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{2C13E30A-96AE-4317-ABC0-D4299026FC7C}] => (Allow) D:\Programme\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{8BA852A7-52B7-4351-96F3-B5C2C81445B4}] => (Allow) D:\Programme\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{EE8A8DC0-3EFB-453B-861F-A0BD746394FC}] => (Allow) D:\Programme\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{D4A8C46F-0184-48C1-8566-8A47BE19BE6C}D:\programme\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{394CE32A-5ADE-468D-BD8B-628CD62D1F7A}D:\programme\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{53E71BA3-CEF9-4B44-B354-6B15DFA835B5}C:\users\gabi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gabi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{05F96E0F-5010-40AB-8A7F-0C6218781580}C:\users\gabi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gabi\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E7D1C7C0-BD08-473B-A0DC-8376F20002A3}D:\programme\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\programme\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{9BD9F063-D684-48B4-A3E5-B33A21710BC8}D:\programme\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\programme\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{CE82454A-7FFF-4D84-ABA2-8CA28AF781E4}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{FB032A79-CED0-4736-ABB4-3324436C4059}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [{7F574DA6-2860-4351-A2F3-A3BD56DB4CAE}] => (Block) C:\windows\system32\dplaysvr.exe
FirewallRules: [{D8ABA910-D1EE-4E7B-994D-3C45B0EBC951}] => (Block) C:\windows\system32\dplaysvr.exe
FirewallRules: [{814E7922-C349-4815-BCA7-357DFE36D531}] => (Block) D:\programme\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{30BD490E-D23D-4473-83C8-917BC0B3A4C6}] => (Block) D:\programme\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{BC514360-09C4-47DE-A87A-75F0DB2ADCEC}D:\programme\stronghold crusader\stronghold crusader.exe] => (Allow) D:\programme\stronghold crusader\stronghold crusader.exe
FirewallRules: [UDP Query User{0E6AA846-7FD0-4F66-BBDD-A45C1132424C}D:\programme\stronghold crusader\stronghold crusader.exe] => (Allow) D:\programme\stronghold crusader\stronghold crusader.exe
FirewallRules: [TCP Query User{36FA0B92-041D-4EF4-BBE1-685BC6C7D869}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{05212C80-75B0-40E3-8C18-4602497AC720}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{529646D0-0429-45CC-801F-AA5839FA4973}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E44D14F3-219D-4DBD-86C4-44A0B7F14DD5}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukas\appdata\roaming\spotify\spotify.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/01/2015 05:34:49 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:24 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:21 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:14 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:14 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
Error: (05/01/2015 05:34:14 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lukas-PC)
Description: Product: Shopping App by Ask -- Error 25001. The following applications should be closed before continuing with the uninstallation:
Mozilla Firefox
System errors:
=============
Error: (05/01/2015 05:11:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The "Windows Update" service did not start properly.
Error: (05/01/2015 05:05:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Avira Service Host service to connect.
Error: (05/01/2015 05:05:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "atksgt" service failed to start due to the following error:
%%1275
Error: (05/01/2015 05:05:16 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys could not be loaded.
Error: (05/01/2015 02:31:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The "ScRegSetValueExW" call failed for "FailureCommand" with the following error:
%%5
Error: (05/01/2015 02:31:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The "ScRegSetValueExW" call failed for "Start" with the following error:
%%5
Error: (05/01/2015 02:20:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "atksgt" service failed to start due to the following error:
%%1275
Error: (05/01/2015 02:20:27 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys could not be loaded.
Error: (05/01/2015 00:56:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/01/2015 00:54:54 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: A fatal alert was received: 20.
Microsoft Office Sessions:
=========================
Error: (04/13/2015 08:25:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/26/2014 09:11:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113 seconds with 60 seconds of active time. This session ended with a crash.
Error: (03/27/2014 05:11:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2064 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 41%
Total physical RAM: 3325.09 MB
Available physical RAM: 1933.92 MB
Total Pagefile: 6648.48 MB
Available Pagefile: 4943.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.43 MB
==================== Drives ================================
Drive c: (SYS-C) (Fixed) (Total:112.6 GB) (Free:49.9 GB) NTFS
Drive d: (Data-D) (Fixed) (Total:585.94 GB) (Free:107.79 GB) NTFS
Drive f: (NFSPROSTREET) (CDROM) (Total:5.7 GB) (Free:0 GB) UDF
Drive g: (Daten-alt-G) (Fixed) (Total:174.29 GB) (Free:143.61 GB) NTFS
Drive i: (SYS-2-D) (Fixed) (Total:58.59 GB) (Free:45.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D28D6E0C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 7AB23661)
Partition 1: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=174.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
Gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-01 20:13:13
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000062 SEAGATE_ rev.__3. 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Moritz\AppData\Local\Temp\kwloapow.sys
---- System - GMER 2.1 ----
SSDT 950BF38E ZwCreateSection
SSDT 950BF366 ZwCreateSymbolicLinkObject
SSDT 950BF36B ZwLoadDriver
SSDT 950BF361 ZwOpenSection
SSDT 950BF398 ZwRequestWaitReplyPort
SSDT 950BF393 ZwSetContextThread
SSDT 950BF39D ZwSetSecurityObject
SSDT 950BF370 ZwSetSystemInformation
SSDT 950BF3A2 ZwSystemDebugControl
SSDT 950BF32F ZwTerminateProcess
SSDT 950BF32A ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1499 834899F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C3992 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 834CACDC 4 Bytes [8E, F3, 0B, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 834CACE4 4 Bytes [66, F3, 0B, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 834CADF8 4 Bytes [6B, F3, 0B, 95] {IMUL ESI, EBX, 0xb; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 834CAE94 4 Bytes [61, F3, 0B, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 834CB038 4 Bytes [98, F3, 0B, 95]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95E30000, 0x153F4A, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA571F300, 0x1BCE, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\6C5B8739-D1F9-4A1B-A025-9C5885038414@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\780863E3-E1CD-4D2C-BE00-4AA12E151730@IPAddress ::1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@6DBE8818 1258
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PowerTracker\Data\2015-05-01@AC_MonitorOn_Duration 0x52 0x1F 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PowerTracker\Data\2015-05-01@AC_MonitorOff_Duration 0xB7 0x05 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{230A250C-6F35-11E3-85A5-806E6F6E6963} 3701785408
---- EOF - GMER 2.1 ----
Avira: Code:
Exported events:
01.05.2015 20:14 [System Scanner] Malware found
The file 'C:\Users\Lukas\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe'
contained a virus or unwanted program 'PUA/Somoto.Gen' [riskware].
Action(s) taken:
The file was moved to the quarantine directory under the name '517256a2.qua'!
01.05.2015 20:12 [System Scanner] Malware found
The file 'C:\Users\Lukas\AppData\Local\Temp\BI_RunOnce.exe'
contained a virus or unwanted program 'PUA/Somoto.Gen2' [riskware].
Action(s) taken:
The file was ignored.
01.05.2015 20:08 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe'
a virus or unwanted program 'PUA/Somoto.Gen' [riskware] was found.
Action taken: Deny access
01.05.2015 20:08 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe'
a virus or unwanted program 'PUA/Somoto.Gen' [riskware] was found.
Action taken: Deny access
01.05.2015 20:07 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\BI_RunOnce.exe'
a virus or unwanted program 'PUA/Somoto.Gen2' [riskware] was found.
Action taken: Deny access
01.05.2015 20:06 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\BI_RunOnce.exe'
a virus or unwanted program 'PUA/Somoto.Gen2' [riskware] was found.
Action taken: Deny access
01.05.2015 19:48 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\BI_RunOnce.exe'
a virus or unwanted program 'PUA/Somoto.Gen2' [riskware] was found.
Action taken: Deny access
01.05.2015 19:47 [Real-Time Scanner] Malware found
In the file 'C:\Users\Lukas\AppData\Local\Temp\BI_RunOnce.exe'
a virus or unwanted program 'PUA/Somoto.Gen2' [riskware] was found.
Action taken: Deny access
01.05.2015 11:49 [System Scanner] Malware found
The file 'C:\Users\Gabi\AppData\Roaming\Microsoft\Crypto\RSA\RSA3538802718.dll'
contained a virus or unwanted program 'TR/Agent.71680.136' [trojan].
Action(s) taken:
An error occurred while trying to create a backup copy of the file, and the file was not deleted. Error number: 26004.
The source file could not be found.
Attempting to perform the action using the ARK library.
The file could not be moved to the quarantine directory!
The file does not exist!
Since the FRST log was too large, I have attached it.
Kind regards,
Moritz
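The FirewallRules section of the Addition.txt above contains a pattern worth checking on any suspected infection: "TCP/UDP Query User{GUID}path" rules are the ones Windows Firewall creates when someone clicks "Allow access" in the notification prompt, and several of them point at a binary under a user profile (C:\users\lukas\appdata\roaming\spotify\spotify.exe), a location any process running as that user can overwrite. The following Python script is an added example, not part of Moritz's post or of FRST itself; it parses FirewallRules lines in the FRST format and reports (1) Allow rules for executables under user-writable AppData paths, (2) binaries that have both Allow and Block rules (Windows Firewall lets a Block rule win over an Allow rule, so the user's Allow for dplaysvr.exe is inert), and (3) all prompt-created Allow rules. The sample lines are excerpted from the log above; the USER_WRITABLE_RE pattern and the report structure are my own choices.

```python
"""Triage Windows Firewall rules from an FRST Addition.txt export (added example)."""
import re
from collections import defaultdict

# Sample input: six FirewallRules lines excerpted from the FRST log in the post above.
SAMPLE_LOG = r"""
FirewallRules: [TCP Query User{CE82454A-7FFF-4D84-ABA2-8CA28AF781E4}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [{7F574DA6-2860-4351-A2F3-A3BD56DB4CAE}] => (Block) C:\windows\system32\dplaysvr.exe
FirewallRules: [TCP Query User{36FA0B92-041D-4EF4-BBE1-685BC6C7D869}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{529646D0-0429-45CC-801F-AA5839FA4973}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E44D14F3-219D-4DBD-86C4-44A0B7F14DD5}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{814E7922-C349-4815-BCA7-357DFE36D531}] => (Block) D:\programme\age of empires ii\age2_x1\age2_x1.exe
"""

# FRST prints one rule per line as: FirewallRules: [<name>] => (Allow|Block) <path>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)
# Assumption for this example: anything under <drive>:\Users\<user>\AppData\ counts as
# user-writable, i.e. replaceable by any code running in that user's context.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_rules(text):
    """Return a list of {name, action, path} dicts; paths are lower-cased for grouping."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"name": m["name"], "action": m["action"], "path": m["path"].lower()})
    return rules


def is_prompt_rule(name):
    """Rules created from the firewall notification are named '<TCP|UDP> Query User{GUID}<path>'."""
    return " Query User{" in name


def triage(rules):
    """Group rules per binary and return the three findings a reviewer wants to see."""
    actions_by_path = defaultdict(set)
    for r in rules:
        actions_by_path[r["path"]].add(r["action"])
    return {
        # Allow rules for binaries that the user (or malware running as the user) can replace.
        "allow_user_writable": sorted(
            {r["path"] for r in rules if r["action"] == "Allow" and USER_WRITABLE_RE.match(r["path"])}
        ),
        # Binaries with both Allow and Block rules: the Block rule takes precedence.
        "allow_and_block": sorted(p for p, a in actions_by_path.items() if a == {"Allow", "Block"}),
        # Every Allow rule that originated from a user clicking through the firewall prompt.
        "prompt_allow": sorted(
            {r["path"] for r in rules if r["action"] == "Allow" and is_prompt_rule(r["name"])}
        ),
    }


if __name__ == "__main__":
    for finding, paths in triage(parse_rules(SAMPLE_LOG)).items():
        print(f"{finding}:")
        for p in paths:
            print(f"  {p}")
```

For a real case, feed the whole Addition.txt to parse_rules; every path in allow_user_writable should be hashed and checked against the vendor's current release before the rule is kept, because the rule authorises whatever file sits at that path, not the program that was there when the user clicked Allow.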