Pests of all kinds and how to fight them: Windows encryption trojan! Deleted, but how do I decrypt my data again? (Windows 7)
18.06.2012, 23:03 | #1
Dear board team, since yesterday I've had one of these Windows encryption trojans. I had a spam mail, an invoice for €6845.32, and opened the attachment with the supposed invoice as a Word file. The whole thing was actually an MS-DOS application. After that I left my netbook as it was, and when I came back later a different screen had appeared that demanded a code from me and around €100 so that everything would work again. I tried a lot of things and in the end managed to get access to the computer again and deleted the trojan with antivirus (there were about 8 trojans). But the problem: my most important data is now encrypted. I can't decrypt it. I've tried various decryptors: Kaspersky Rannoh, Kaspersky, Avira, some from here. I've also read that others have this problem too, but perhaps my problem is individual after all. I've changed the names (e.g. doc files to .doc, but no normal characters appear). My data is sitting there encrypted with complex names. How can I make the data usable again and decrypt it? The good thing: the files still have their original file size, which points to no loss. If only I could get my hands on this trojan producer (my most important data for my daily bread is encrypted). What should I send? How can I decrypt the data again? Help
20.06.2012, 08:13 | #2
/// Malwareteam | The time you wasted on your repeated, pointless pestering would have been better spent reading!
Threads without the necessary logs have the lowest priority here and get handled when there's nothing else to do - so at the moment, never! As for decrypting your data, it looks pretty bleak right now! Link to that
21.06.2012, 13:50 | #3
It was neither pointless, nor did I pester anyone. I didn't know that you need logs here. Instead of putting me down even more than I already am because of the encrypted data, it would be more appropriate for a team member to welcome a new user's first post. But there are friendlier team members too, as I have seen
21.06.2012, 13:59 | #4
/// Malwareteam | And I don't think I need to be told off by you after you violated several forum rules at once.
__________________
No asylum for trojans! Proud Member of UNITE. Note: I can only be reached on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
21.06.2012, 14:52 | #5
/// Malwareteam | I have to apologise to you - apparently my assumption was based on a display error of the board, so it's my mistake! Sorry! My name is Marius and I'll help you with your problem. One thing first: Note: We can never guarantee here that we've found every remnant of malware. A format is usually the fastest and always the safest way. If you decide on a clean-up, keep cooperating until someone from the team tells you that your machine is clean. A clean-up can sometimes mean a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". Which antivirus did you delete the trojans with? Please post me the log file in which the removals are documented, since I need to know what was removed in order to plan further steps!
21.06.2012, 15:41 | #6
Hi Marius, no, you don't need to be told off by me, that was never my point. Let's forget about it. I have Windows 7. I deleted the viruses first with Malwarebytes Anti-Malware (supposedly 8 trojans) and then ESET (0 trojans). The trojans were: Trojan.Ransom.AMNGen, Hijack.Regedit, Security.Hijack, Hijack Regedit, Pum.Hijack.Redegit, Pum.Hijack.TaskManager. I can't post logs right now because I deleted the antivirus programs today. My computer is working perfectly again. I (unfortunately) deleted the mail. I should rather have sent it to an expert who would build a solution against it. I've read that there is no decryptor yet for my encrypted data. Thanks anyway for your willingness to help!!! Last edited by fight_trojan (21.06.2012 at 16:03)
21.06.2012, 21:22 | #7
/// Malwareteam | So, we can (and should!) check your computer for any malware that may still be present. For the encrypted data there are currently partial workarounds for repair - a full decryption will probably only be possible once the culprits or their servers are seized at some point...
Step 1: defogger. Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being told to.
Step 2: OTL. Please download OTL by Oldtimer and save it to your desktop (if not already there).
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We don't want to "fix" anything here yet, just see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
22.06.2012, 12:05 | #8
So, here it is: OTL.txt
ATTFilter OTL logfile created on: 6/22/2012 12:44:20 PM - Run 2 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\PC\Desktop\Download Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.50% Memory free 3.98 Gb Paging File | 2.86 Gb Available in Paging File | 71.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 35.55 Gb Free Space | 41.82% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 112.02 Gb Free Space | 87.66% Space Free | Partition Type: NTFS Computer Name: PC-PC | User Name: PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\PC\Desktop\Download\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) PRC - C:\Programme\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe () PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe () MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\PC\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 10:53:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 12:43:11 | 000,000,000 | ---D | M] [2012/01/12 19:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions [2012/06/03 18:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\zwyzwftw.default\extensions [2012/03/30 18:09:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\zwyzwftw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/20 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/06/03 18:07:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZWYZWFTW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/06/17 10:53:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/17 10:52:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/17 10:52:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/17 10:52:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/06/17 10:52:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/17 10:52:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/17 10:52:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/06/03 19:10:22 | 000,000,027 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8887E514-3C3B-4C11-A12C-0AF78DF05D82}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E40816D-B96C-4AAA-A82B-58E8F200F160}: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help 
{314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/22 12:44:59 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\PC\Desktop\tdsskiller.exe [2012/06/22 09:22:46 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{180FDF85-8438-4680-9582-6D8E1CCED99F} [2012/06/22 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{63868D33-959E-4B16-BBA7-2958F54F90D8} [2012/06/21 10:10:52 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll [2012/06/21 10:10:51 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll [2012/06/21 10:10:26 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll [2012/06/21 10:10:26 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll [2012/06/21 10:10:26 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll [2012/06/21 10:10:03 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll [2012/06/21 10:10:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe [2012/06/21 09:09:36 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{05AF71CB-9055-4CF4-85A5-6D4EE79BF61D} [2012/06/20 12:54:50 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Neu [2012/06/20 09:02:41 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{9DC7852B-E205-4E96-8484-9AF1B33208DA} [2012/06/19 21:13:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Recovery Toolbox for PDF [2012/06/18 23:43:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{46A5AE9C-E174-44EE-9B45-5E6AC6998FDB} [2012/06/18 23:08:43 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Recovery Toolbox for Word [2012/06/17 22:43:45 | 002,824,704 | ---- | C] (Askey 
Computer Corporation.) -- C:\windows\System32\AInst3141.exe [2012/06/17 19:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor [2012/06/17 19:09:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{2DF32E20-5B0C-469F-8C9B-A52AC1B13F2F} [2012/06/17 14:10:08 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2012/06/17 14:08:12 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2012/06/17 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{33C1B128-F544-46F9-A08A-9073E10D9E5C} [2012/06/17 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{90D40C09-388A-4897-ACF9-404EEB215DD1} [2012/06/16 10:50:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{13857333-B4F8-4013-B013-965C1C85ADAB} [2012/06/15 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{568577D7-A75D-4116-838A-A8993065B68D} [2012/06/13 10:54:03 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2012/06/13 10:54:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/06/13 10:54:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012/06/13 10:53:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/06/13 10:53:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012/06/13 10:53:57 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/06/13 10:53:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2012/06/13 10:53:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2012/06/13 10:53:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe [2012/06/06 12:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/06/06 12:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe 
[2012/06/03 21:22:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe
[2012/06/03 21:21:48 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/06/03 21:21:47 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/06/03 21:21:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/06/03 19:22:24 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/03 19:12:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/03 19:10:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\temp
[2012/06/03 18:54:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/03 18:54:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/03 18:54:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/03 18:54:22 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/03 18:52:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 18:26:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{B990C4B4-D894-49EA-89D9-A7E91F8F0041}
[2012/06/03 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes
[2012/06/03 16:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/02 08:21:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{2E5CCA32-8C43-46AE-9CEC-358BE92153B5}
[2012/05/28 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{048D1366-E441-48C8-AB0D-4599215C6364}
[2012/05/28 09:08:39 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{FA69435B-9B98-4F46-9E2F-E595912D39E4}
[2012/05/27 23:03:31 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{ECD18DDD-D155-4563-83B4-2EFC15DE57A0}
[2012/05/27 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{2E391DFD-BD53-4DEB-9520-F77767B03345}
[2012/05/25 08:36:50 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{3348CFF1-E1B7-45B1-9C44-FD67A622853E}
[2012/05/24 10:08:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{CAF95BB7-0855-41F1-8719-BD3A42565E0C}

========== Files - Modified Within 30 Days ==========

[2012/06/22 12:45:16 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\PC\Desktop\tdsskiller.exe
[2012/06/22 12:42:33 | 000,000,000 | ---- | M] () -- C:\Users\PC\defogger_reenable
[2012/06/22 12:32:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/22 09:27:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:27:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:23:23 | 000,647,376 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/22 09:23:23 | 000,610,094 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/22 09:23:23 | 000,127,404 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/22 09:23:23 | 000,104,412 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/22 08:19:57 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 14:43:22 | 000,443,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/17 14:25:58 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/06/03 19:10:22 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/06/03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/06/02 12:53:52 | 000,000,000 | ---- | M] () -- C:\Users\PC\otQOyVrusnxqfEtAUn

========== Files Created - No Company Name ==========

[2012/06/22 12:42:33 | 000,000,000 | ---- | C] () -- C:\Users\PC\defogger_reenable
[2012/06/06 12:43:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/03 18:54:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/03 18:54:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/03 18:54:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/03 18:54:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/03 18:54:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/02 12:53:52 | 000,000,000 | ---- | C] () -- C:\Users\PC\otQOyVrusnxqfEtAUn
[2012/03/17 03:55:36 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{80defd8e-a8cc-ad9f-6356-a02873f96759}\@
[2012/03/17 03:55:36 | 000,002,048 | -HS- | C] () -- C:\Users\PC\AppData\Local\{80defd8e-a8cc-ad9f-6356-a02873f96759}\@
[2012/02/21 17:21:59 | 000,004,096 | -H-- | C] () -- C:\Users\PC\AppData\Local\keyfile3.drm

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2430E4FC

< End of report >

Code:
OTL Extras logfile created on: 6/22/2012 12:44:20 PM - Run 2
OTL by OldTimer - Version 3.2.51.0     Folder = C:\Users\PC\Desktop\Download
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.50% Memory free
3.98 Gb Paging File | 2.86 Gb Available in Paging File | 71.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 35.55 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 112.02 Gb Free Space | 87.66% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0E5D3651-4689-4241-9B50-41DA157220D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3506C5A1-DC00-4E18-90AD-953A3B482900}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70A90FDB-4073-48AB-AA76-BFD30E237D73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A92742E6-B06B-4B49-8484-4A4A8ED4AD0D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5D52F4D-39AC-4A23-8BB8-41D0EE3E4DAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{78D35DA2-3D78-461A-A9DB-2D8EC810B93A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{8C59AF7E-8CEF-4EBC-9E9C-FE8EC56E7554}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2012 8:10:58 AM | Computer Name = PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rannohdecryptor.exe, Version: 1.1.0.0, Zeitstempel: 0x4f9eaaf1 Name des fehlerhaften Moduls: rannohdecryptor.exe, Version: 1.1.0.0, Zeitstempel: 0x4f9eaaf1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001d881 ID des fehlerhaften Prozesses: 0x2494 Startzeit der fehlerhaften Anwendung: 0x01cd4c823de772c5 Pfad der fehlerhaften Anwendung: E:\rannohdecryptor.exe Pfad des fehlerhaften Moduls: E:\rannohdecryptor.exe Berichtskennung: 7eaca7e0-b875-11e1-947b-9efc9a8bb4cb

Error - 6/17/2012 8:44:25 AM | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 6/17/2012 8:48:18 AM | Computer Name = PC-PC | Source = ESENT | ID = 494
Description = services (596) Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\WINDOWS\Security\Database\secedit.sdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.

Error - 6/17/2012 8:48:18 AM | Computer Name = PC-PC | Source = ESENT | ID = 454
Description = services (596) Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.

Error - 6/17/2012 8:55:26 AM | Computer Name = PC-PC | Source = ESENT | ID = 215
Description = WinMail (3864) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 6/17/2012 8:56:48 AM | Computer Name = PC-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Program Files\CyberLink\YouCam\CLLogo.jpg. [ACCESS_VIOLATION Exception!! EIP = 0x13e5c92] Bitte Avira informieren und die obige Datei übersenden!

Error - 6/17/2012 9:09:23 AM | Computer Name = PC-PC | Source = VSS | ID = 8194
Description =

Error - 6/17/2012 9:30:28 AM | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 6/17/2012 9:30:45 AM | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 6/17/2012 11:11:56 AM | Computer Name = PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308, Zeitstempel: 0x4f596cbb Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version: 2.0.10175.3910, Zeitstempel: 0x4b9715b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c9d8 ID des fehlerhaften Prozesses: 0xb98 Startzeit der fehlerhaften Anwendung: 0x01cd4c9b532e7b63 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Berichtskennung: c6d8dffd-b88e-11e1-9628-ae09c62fcaef

[ OSession Events ]
Error - 2/19/2012 1:37:21 PM | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25173 seconds with 10440 seconds of active time. This session ended with a crash.

Error - 2/19/2012 2:15:15 PM | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2243 seconds with 1740 seconds of active time. This session ended with a crash.

Error - 3/27/2012 11:54:11 AM | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17512 seconds with 7800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/21/2012 8:29:55 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 5/21/2012 10:24:16 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error - 5/21/2012 11:00:11 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 5/21/2012 12:59:18 PM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error - 5/21/2012 5:55:52 PM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 5/22/2012 2:05:56 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 5/22/2012 2:06:42 AM | Computer Name = PC-PC | Source = DCOM | ID = 10005
Description =

Error - 5/22/2012 2:06:42 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.

Error - 5/22/2012 2:06:42 AM | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 5/22/2012 2:06:43 AM | Computer Name = PC-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d

< End of report >

Code:
12:45:48.0524 5068 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:45:49.0068 5068 ============================================================
12:45:49.0068 5068 Current date / time: 2012/06/22 12:45:49.0068
12:45:49.0069 5068 SystemInfo:
12:45:49.0069 5068
12:45:49.0069 5068 OS Version: 6.1.7601 ServicePack: 1.0
12:45:49.0069 5068 Product type: Workstation
12:45:49.0069 5068 ComputerName: PC-PC
12:45:49.0070 5068 UserName: PC
12:45:49.0070 5068 Windows directory: C:\windows
12:45:49.0070 5068 System windows directory: C:\windows
12:45:49.0070 5068 Processor architecture: Intel x86
12:45:49.0070 5068 Number of processors: 2
12:45:49.0070 5068 Page size: 0x1000
12:45:49.0070 5068 Boot type: Normal boot
12:45:49.0070 5068 ============================================================
12:45:50.0961 5068 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:45:50.0999 5068 ============================================================
12:45:50.0999 5068 \Device\Harddisk0\DR0:
12:45:51.0032 5068 MBR partitions:
12:45:51.0032 5068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
12:45:51.0032 5068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xAA00000
12:45:51.0066 5068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD233000, BlocksNum 0xFF92000
12:45:51.0066 5068 ============================================================
12:45:51.0273 5068 C: <-> \Device\Harddisk0\DR0\Partition1
12:45:51.0338 5068 D: <-> \Device\Harddisk0\DR0\Partition2
12:45:51.0339 5068 ============================================================
12:45:51.0339 5068 Initialize success
12:45:51.0339 5068 ============================================================
13:01:01.0918 1692 ============================================================
13:01:01.0918 1692 Scan started
13:01:01.0918 1692 Mode: Manual; TDLFS;
13:01:01.0918 1692 ============================================================
13:01:03.0781 1692 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
13:01:03.0785 1692 1394ohci - ok
13:01:03.0892 1692 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
13:01:03.0898 1692 ACPI - ok
13:01:03.0980 1692 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
13:01:03.0981 1692 AcpiPmi - ok
13:01:04.0115 1692 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:01:04.0119 1692 AdobeARMservice - ok
13:01:04.0274 1692 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
13:01:04.0282 1692 adp94xx - ok
13:01:04.0419 1692 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
13:01:04.0429 1692 adpahci - ok
13:01:04.0484 1692 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
13:01:04.0486 1692 adpu320 - ok
13:01:04.0532 1692 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
13:01:04.0535 1692 AeLookupSvc - ok
13:01:04.0647 1692 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
13:01:04.0654 1692 AFD - ok
13:01:04.0714 1692 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
13:01:04.0716 1692 agp440 - ok
13:01:04.0791 1692 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
13:01:04.0793 1692 aic78xx - ok
13:01:04.0856 1692 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
13:01:04.0858 1692 ALG - ok
13:01:04.0913 1692 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
13:01:04.0915 1692 aliide - ok
13:01:04.0945 1692 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
13:01:04.0947 1692 amdagp - ok
13:01:05.0001 1692 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
13:01:05.0002 1692 amdide - ok
13:01:05.0053 1692 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
13:01:05.0055 1692 AmdK8 - ok
13:01:05.0089 1692 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
13:01:05.0090 1692 AmdPPM - ok
13:01:05.0159 1692 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
13:01:05.0162 1692 amdsata - ok
13:01:05.0218 1692 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
13:01:05.0220 1692 amdsbs - ok
13:01:05.0250 1692 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
13:01:05.0251 1692 amdxata - ok
13:01:05.0422 1692 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:01:05.0426 1692 AntiVirSchedulerService - ok
13:01:05.0483 1692 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:01:05.0486 1692 AntiVirService - ok
13:01:05.0545 1692 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
13:01:05.0547 1692 AppID - ok
13:01:05.0606 1692 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
13:01:05.0609 1692 AppIDSvc - ok
13:01:05.0657 1692 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
13:01:05.0659 1692 Appinfo - ok
13:01:05.0760 1692 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
13:01:05.0762 1692 arc - ok
13:01:05.0796 1692 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
13:01:05.0797 1692 arcsas - ok
13:01:05.0838 1692 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
13:01:05.0839 1692 AsyncMac - ok
13:01:05.0892 1692 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
13:01:05.0893 1692 atapi
- ok 13:01:06.0045 1692 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 13:01:06.0058 1692 AudioEndpointBuilder - ok 13:01:06.0084 1692 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 13:01:06.0095 1692 Audiosrv - ok 13:01:06.0147 1692 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys 13:01:06.0148 1692 avgntflt - ok 13:01:06.0231 1692 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys 13:01:06.0233 1692 avipbb - ok 13:01:06.0272 1692 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys 13:01:06.0273 1692 avkmgr - ok 13:01:06.0339 1692 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll 13:01:06.0341 1692 AxInstSV - ok 13:01:06.0486 1692 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 13:01:06.0495 1692 b06bdrv - ok 13:01:06.0593 1692 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 13:01:06.0598 1692 b57nd60x - ok 13:01:07.0230 1692 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\windows\system32\DRIVERS\bcmwl6.sys 13:01:07.0260 1692 BCM43XX - ok 13:01:07.0498 1692 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll 13:01:07.0502 1692 BDESVC - ok 13:01:07.0575 1692 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 13:01:07.0577 1692 Beep - ok 13:01:07.0743 1692 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll 13:01:07.0757 1692 BFE - ok 13:01:07.0895 1692 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll 13:01:07.0919 1692 BITS - ok 13:01:07.0962 1692 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 13:01:07.0963 1692 blbdrive - ok 13:01:08.0014 1692 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 13:01:08.0016 1692 bowser - ok 13:01:08.0041 1692 BrFiltLo 
(9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 13:01:08.0042 1692 BrFiltLo - ok 13:01:08.0055 1692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 13:01:08.0057 1692 BrFiltUp - ok 13:01:08.0099 1692 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys 13:01:08.0101 1692 BridgeMP - ok 13:01:08.0161 1692 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll 13:01:08.0167 1692 Browser - ok 13:01:08.0254 1692 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 13:01:08.0258 1692 Brserid - ok 13:01:08.0282 1692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 13:01:08.0284 1692 BrSerWdm - ok 13:01:08.0308 1692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 13:01:08.0309 1692 BrUsbMdm - ok 13:01:08.0325 1692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 13:01:08.0327 1692 BrUsbSer - ok 13:01:08.0421 1692 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 13:01:08.0424 1692 BthEnum - ok 13:01:08.0487 1692 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 13:01:08.0489 1692 BTHMODEM - ok 13:01:08.0543 1692 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 13:01:08.0545 1692 BthPan - ok 13:01:08.0648 1692 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 13:01:08.0655 1692 BTHPORT - ok 13:01:08.0713 1692 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll 13:01:08.0717 1692 bthserv - ok 13:01:08.0749 1692 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 13:01:08.0751 1692 BTHUSB - ok 13:01:08.0855 1692 btwampfl (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys 13:01:08.0861 1692 btwampfl - ok 13:01:08.0930 
1692 btwaudio (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys 13:01:08.0932 1692 btwaudio - ok 13:01:08.0986 1692 btwavdt (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\drivers\btwavdt.sys 13:01:08.0989 1692 btwavdt - ok 13:01:09.0218 1692 btwdins (9634e2b260aa445ef6b83731ac6ee5ac) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 13:01:09.0233 1692 btwdins - ok 13:01:09.0292 1692 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys 13:01:09.0294 1692 btwl2cap - ok 13:01:09.0315 1692 btwrchid (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys 13:01:09.0317 1692 btwrchid - ok 13:01:09.0451 1692 catchme - ok 13:01:09.0511 1692 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 13:01:09.0513 1692 cdfs - ok 13:01:09.0590 1692 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys 13:01:09.0593 1692 cdrom - ok 13:01:09.0662 1692 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 13:01:09.0665 1692 CertPropSvc - ok 13:01:09.0712 1692 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 13:01:09.0714 1692 circlass - ok 13:01:09.0799 1692 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 13:01:09.0808 1692 CLFS - ok 13:01:09.0927 1692 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:01:09.0931 1692 clr_optimization_v2.0.50727_32 - ok 13:01:09.0982 1692 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 13:01:09.0984 1692 CmBatt - ok 13:01:10.0023 1692 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 13:01:10.0024 1692 cmdide - ok 13:01:10.0144 1692 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 13:01:10.0150 1692 CNG - ok 13:01:10.0201 1692 Compbatt 
(a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 13:01:10.0202 1692 Compbatt - ok 13:01:10.0271 1692 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 13:01:10.0275 1692 CompositeBus - ok 13:01:10.0302 1692 COMSysApp - ok 13:01:10.0336 1692 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 13:01:10.0337 1692 crcdisk - ok 13:01:10.0435 1692 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll 13:01:10.0442 1692 CryptSvc - ok 13:01:10.0543 1692 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 13:01:10.0556 1692 DcomLaunch - ok 13:01:10.0639 1692 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll 13:01:10.0647 1692 defragsvc - ok 13:01:10.0980 1692 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 13:01:10.0982 1692 DfsC - ok 13:01:11.0119 1692 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll 13:01:11.0129 1692 Dhcp - ok 13:01:11.0184 1692 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 13:01:11.0186 1692 discache - ok 13:01:11.0238 1692 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 13:01:11.0239 1692 Disk - ok 13:01:11.0304 1692 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll 13:01:11.0310 1692 Dnscache - ok 13:01:11.0392 1692 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll 13:01:11.0398 1692 dot3svc - ok 13:01:11.0473 1692 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll 13:01:11.0478 1692 DPS - ok 13:01:11.0524 1692 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 13:01:11.0525 1692 drmkaud - ok 13:01:11.0707 1692 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 13:01:11.0720 1692 DXGKrnl - ok 13:01:11.0785 1692 EapHost 
(8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll 13:01:11.0792 1692 EapHost - ok 13:01:12.0443 1692 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 13:01:12.0502 1692 ebdrv - ok 13:01:12.0727 1692 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe 13:01:12.0733 1692 EFS - ok 13:01:12.0927 1692 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 13:01:12.0937 1692 elxstor - ok 13:01:12.0983 1692 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 13:01:12.0984 1692 ErrDev - ok 13:01:13.0080 1692 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys 13:01:13.0082 1692 ETD - ok 13:01:13.0194 1692 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll 13:01:13.0204 1692 EventSystem - ok 13:01:13.0268 1692 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 13:01:13.0271 1692 exfat - ok 13:01:13.0324 1692 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 13:01:13.0329 1692 fastfat - ok 13:01:13.0497 1692 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe 13:01:13.0511 1692 Fax - ok 13:01:13.0551 1692 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 13:01:13.0552 1692 fdc - ok 13:01:13.0581 1692 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll 13:01:13.0586 1692 fdPHost - ok 13:01:13.0619 1692 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll 13:01:13.0625 1692 FDResPub - ok 13:01:13.0656 1692 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 13:01:13.0659 1692 FileInfo - ok 13:01:13.0692 1692 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 13:01:13.0695 1692 Filetrace - ok 13:01:13.0721 1692 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 
13:01:13.0725 1692 flpydisk - ok 13:01:13.0823 1692 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 13:01:13.0828 1692 FltMgr - ok 13:01:14.0086 1692 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll 13:01:14.0111 1692 FontCache - ok 13:01:14.0250 1692 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:01:14.0252 1692 FontCache3.0.0.0 - ok 13:01:14.0298 1692 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 13:01:14.0301 1692 FsDepends - ok 13:01:14.0356 1692 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\windows\system32\DRIVERS\fssfltr.sys 13:01:14.0357 1692 fssfltr - ok 13:01:14.0854 1692 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 13:01:14.0878 1692 fsssvc - ok 13:01:15.0118 1692 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys 13:01:15.0122 1692 Fs_Rec - ok 13:01:15.0235 1692 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 13:01:15.0239 1692 fvevol - ok 13:01:15.0297 1692 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 13:01:15.0298 1692 gagp30kx - ok 13:01:15.0488 1692 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll 13:01:15.0516 1692 gpsvc - ok 13:01:15.0576 1692 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 13:01:15.0578 1692 hcw85cir - ok 13:01:15.0714 1692 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 13:01:15.0718 1692 HdAudAddService - ok 13:01:15.0792 1692 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 13:01:15.0794 1692 HDAudBus - ok 13:01:15.0846 1692 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 13:01:15.0848 1692 HidBatt - ok 13:01:15.0890 1692 
HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 13:01:15.0892 1692 HidBth - ok 13:01:15.0943 1692 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 13:01:15.0945 1692 HidIr - ok 13:01:15.0994 1692 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll 13:01:16.0003 1692 hidserv - ok 13:01:16.0079 1692 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys 13:01:16.0081 1692 HidUsb - ok 13:01:16.0162 1692 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll 13:01:16.0173 1692 hkmsvc - ok 13:01:16.0266 1692 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll 13:01:16.0279 1692 HomeGroupListener - ok 13:01:16.0380 1692 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll 13:01:16.0394 1692 HomeGroupProvider - ok 13:01:16.0476 1692 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 13:01:16.0481 1692 HpSAMD - ok 13:01:16.0661 1692 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 13:01:16.0670 1692 HTTP - ok 13:01:16.0727 1692 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 13:01:16.0729 1692 hwpolicy - ok 13:01:16.0829 1692 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 13:01:16.0832 1692 i8042prt - ok 13:01:16.0961 1692 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 13:01:16.0968 1692 iaStor - ok 13:01:17.0101 1692 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys 13:01:17.0110 1692 iaStorV - ok 13:01:17.0417 1692 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:01:17.0437 1692 idsvc - ok 13:01:18.0548 1692 igfx (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys 13:01:18.0605 
1692 igfx - ok 13:01:18.0870 1692 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 13:01:18.0872 1692 iirsp - ok 13:01:19.0055 1692 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll 13:01:19.0070 1692 IKEEXT - ok 13:01:19.0761 1692 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys 13:01:19.0812 1692 IntcAzAudAddService - ok 13:01:20.0100 1692 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 13:01:20.0101 1692 intelide - ok 13:01:20.0160 1692 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 13:01:20.0161 1692 intelppm - ok 13:01:20.0213 1692 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll 13:01:20.0218 1692 IPBusEnum - ok 13:01:20.0249 1692 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 13:01:20.0251 1692 IpFilterDriver - ok 13:01:20.0420 1692 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll 13:01:20.0438 1692 iphlpsvc - ok 13:01:20.0503 1692 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 13:01:20.0505 1692 IPMIDRV - ok 13:01:20.0561 1692 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 13:01:20.0563 1692 IPNAT - ok 13:01:20.0593 1692 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 13:01:20.0595 1692 IRENUM - ok 13:01:20.0637 1692 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 13:01:20.0639 1692 isapnp - ok 13:01:20.0760 1692 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 13:01:20.0764 1692 iScsiPrt - ok 13:01:20.0846 1692 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 13:01:20.0849 1692 kbdclass - ok 13:01:20.0918 1692 kbdhid (9e3ced91863e6ee98c24794d05e27a71) 
C:\windows\system32\drivers\kbdhid.sys 13:01:20.0921 1692 kbdhid - ok 13:01:20.0980 1692 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:20.0987 1692 KeyIso - ok 13:01:21.0047 1692 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 13:01:21.0049 1692 KSecDD - ok 13:01:21.0117 1692 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 13:01:21.0120 1692 KSecPkg - ok 13:01:21.0225 1692 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll 13:01:21.0241 1692 KtmRm - ok 13:01:21.0352 1692 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll 13:01:21.0369 1692 LanmanServer - ok 13:01:21.0436 1692 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll 13:01:21.0447 1692 LanmanWorkstation - ok 13:01:21.0515 1692 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 13:01:21.0517 1692 lltdio - ok 13:01:21.0600 1692 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll 13:01:21.0607 1692 lltdsvc - ok 13:01:21.0638 1692 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll 13:01:21.0643 1692 lmhosts - ok 13:01:21.0693 1692 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 13:01:21.0696 1692 LSI_FC - ok 13:01:21.0754 1692 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 13:01:21.0757 1692 LSI_SAS - ok 13:01:21.0791 1692 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 13:01:21.0794 1692 LSI_SAS2 - ok 13:01:21.0849 1692 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 13:01:21.0852 1692 LSI_SCSI - ok 13:01:21.0928 1692 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 13:01:21.0936 1692 luafv - ok 13:01:21.0980 1692 megasas (0fff5b045293002ab38eb1fd1fc2fb74) 
C:\windows\system32\DRIVERS\megasas.sys 13:01:21.0982 1692 megasas - ok 13:01:22.0072 1692 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 13:01:22.0078 1692 MegaSR - ok 13:01:22.0256 1692 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 13:01:22.0260 1692 Microsoft Office Groove Audit Service - ok 13:01:22.0345 1692 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 13:01:22.0354 1692 MMCSS - ok 13:01:22.0395 1692 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 13:01:22.0397 1692 Modem - ok 13:01:22.0459 1692 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 13:01:22.0461 1692 monitor - ok 13:01:22.0544 1692 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys 13:01:22.0546 1692 mouclass - ok 13:01:22.0615 1692 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 13:01:22.0617 1692 mouhid - ok 13:01:22.0676 1692 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 13:01:22.0679 1692 mountmgr - ok 13:01:22.0803 1692 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 13:01:22.0806 1692 MozillaMaintenance - ok 13:01:22.0875 1692 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 13:01:22.0878 1692 mpio - ok 13:01:22.0943 1692 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 13:01:22.0946 1692 mpsdrv - ok 13:01:23.0135 1692 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll 13:01:23.0153 1692 MpsSvc - ok 13:01:23.0235 1692 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 13:01:23.0238 1692 MRxDAV - ok 13:01:23.0319 1692 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) 
C:\windows\system32\DRIVERS\mrxsmb.sys 13:01:23.0322 1692 mrxsmb - ok 13:01:23.0392 1692 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 13:01:23.0395 1692 mrxsmb10 - ok 13:01:23.0458 1692 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 13:01:23.0461 1692 mrxsmb20 - ok 13:01:23.0505 1692 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 13:01:23.0507 1692 msahci - ok 13:01:23.0569 1692 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 13:01:23.0571 1692 msdsm - ok 13:01:23.0644 1692 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe 13:01:23.0654 1692 MSDTC - ok 13:01:23.0708 1692 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 13:01:23.0710 1692 Msfs - ok 13:01:23.0728 1692 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 13:01:23.0729 1692 mshidkmdf - ok 13:01:23.0773 1692 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 13:01:23.0774 1692 msisadrv - ok 13:01:23.0851 1692 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll 13:01:23.0856 1692 MSiSCSI - ok 13:01:23.0867 1692 msiserver - ok 13:01:23.0940 1692 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 13:01:23.0942 1692 MSKSSRV - ok 13:01:23.0982 1692 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 13:01:23.0983 1692 MSPCLOCK - ok 13:01:24.0009 1692 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 13:01:24.0011 1692 MSPQM - ok 13:01:24.0067 1692 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 13:01:24.0072 1692 MsRPC - ok 13:01:24.0131 1692 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 13:01:24.0133 1692 mssmbios - ok 13:01:24.0168 1692 MSTEE 
(b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 13:01:24.0170 1692 MSTEE - ok 13:01:24.0210 1692 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 13:01:24.0211 1692 MTConfig - ok 13:01:24.0242 1692 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 13:01:24.0245 1692 Mup - ok 13:01:24.0350 1692 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll 13:01:24.0372 1692 napagent - ok 13:01:24.0473 1692 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 13:01:24.0480 1692 NativeWifiP - ok 13:01:24.0696 1692 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 13:01:24.0711 1692 NDIS - ok 13:01:24.0752 1692 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 13:01:24.0755 1692 NdisCap - ok 13:01:24.0793 1692 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 13:01:24.0795 1692 NdisTapi - ok 13:01:24.0852 1692 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 13:01:24.0855 1692 Ndisuio - ok 13:01:24.0918 1692 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 13:01:24.0921 1692 NdisWan - ok 13:01:24.0981 1692 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 13:01:24.0984 1692 NDProxy - ok 13:01:25.0033 1692 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 13:01:25.0035 1692 NetBIOS - ok 13:01:25.0112 1692 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 13:01:25.0116 1692 NetBT - ok 13:01:25.0155 1692 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:25.0162 1692 Netlogon - ok 13:01:25.0305 1692 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 13:01:25.0335 1692 Netman - ok 13:01:25.0455 1692 netprofm 
(8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 13:01:25.0467 1692 netprofm - ok 13:01:25.0588 1692 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:01:25.0591 1692 NetTcpPortSharing - ok 13:01:25.0689 1692 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 13:01:25.0691 1692 nfrd960 - ok 13:01:25.0819 1692 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 13:01:25.0832 1692 NlaSvc - ok 13:01:25.0895 1692 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 13:01:25.0897 1692 Npfs - ok 13:01:25.0942 1692 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 13:01:25.0951 1692 nsi - ok 13:01:26.0012 1692 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 13:01:26.0015 1692 nsiproxy - ok 13:01:26.0335 1692 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys 13:01:26.0354 1692 Ntfs - ok 13:01:26.0402 1692 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 13:01:26.0403 1692 Null - ok 13:01:26.0490 1692 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys 13:01:26.0492 1692 nvraid - ok 13:01:26.0542 1692 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys 13:01:26.0544 1692 nvstor - ok 13:01:26.0597 1692 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 13:01:26.0599 1692 nv_agp - ok 13:01:26.0792 1692 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:01:26.0803 1692 odserv - ok 13:01:26.0859 1692 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 13:01:26.0861 1692 ohci1394 - ok 13:01:26.0957 1692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source 
Engine\OSE.EXE 13:01:26.0961 1692 ose - ok 13:01:27.0070 1692 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 13:01:27.0092 1692 p2pimsvc - ok 13:01:27.0219 1692 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 13:01:27.0237 1692 p2psvc - ok 13:01:27.0285 1692 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 13:01:27.0287 1692 Parport - ok 13:01:27.0332 1692 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys 13:01:27.0334 1692 partmgr - ok 13:01:27.0362 1692 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 13:01:27.0363 1692 Parvdm - ok 13:01:27.0420 1692 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll 13:01:27.0429 1692 PcaSvc - ok 13:01:27.0503 1692 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 13:01:27.0505 1692 pci - ok 13:01:27.0543 1692 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 13:01:27.0544 1692 pciide - ok 13:01:27.0620 1692 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 13:01:27.0623 1692 pcmcia - ok 13:01:27.0652 1692 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 13:01:27.0654 1692 pcw - ok 13:01:27.0806 1692 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 13:01:27.0820 1692 PEAUTH - ok 13:01:28.0230 1692 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 13:01:28.0271 1692 pla - ok 13:01:28.0604 1692 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 13:01:28.0622 1692 PlugPlay - ok 13:01:28.0674 1692 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 13:01:28.0684 1692 PNRPAutoReg - ok 13:01:28.0774 1692 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 13:01:28.0788 1692 PNRPsvc - ok 13:01:28.0947 1692 PolicyAgent 
(53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 13:01:28.0961 1692 PolicyAgent - ok 13:01:29.0076 1692 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 13:01:29.0092 1692 Power - ok 13:01:29.0224 1692 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 13:01:29.0228 1692 PptpMiniport - ok 13:01:29.0286 1692 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 13:01:29.0293 1692 Processor - ok 13:01:29.0400 1692 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll 13:01:29.0413 1692 ProfSvc - ok 13:01:29.0454 1692 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:29.0461 1692 ProtectedStorage - ok 13:01:29.0531 1692 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 13:01:29.0536 1692 Psched - ok 13:01:29.0876 1692 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 13:01:29.0900 1692 ql2300 - ok 13:01:30.0154 1692 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 13:01:30.0158 1692 ql40xx - ok 13:01:30.0234 1692 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 13:01:30.0244 1692 QWAVE - ok 13:01:30.0286 1692 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 13:01:30.0288 1692 QWAVEdrv - ok 13:01:30.0308 1692 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 13:01:30.0310 1692 RasAcd - ok 13:01:30.0375 1692 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 13:01:30.0377 1692 RasAgileVpn - ok 13:01:30.0431 1692 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 13:01:30.0440 1692 RasAuto - ok 13:01:30.0487 1692 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 13:01:30.0489 1692 Rasl2tp - ok 13:01:30.0604 1692 RasMan 
(cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 13:01:30.0624 1692 RasMan - ok 13:01:30.0684 1692 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 13:01:30.0688 1692 RasPppoe - ok 13:01:30.0751 1692 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 13:01:30.0755 1692 RasSstp - ok 13:01:30.0881 1692 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 13:01:30.0887 1692 rdbss - ok 13:01:30.0934 1692 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 13:01:30.0935 1692 rdpbus - ok 13:01:30.0981 1692 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 13:01:30.0983 1692 RDPCDD - ok 13:01:31.0024 1692 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 13:01:31.0026 1692 RDPENCDD - ok 13:01:31.0056 1692 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 13:01:31.0058 1692 RDPREFMP - ok 13:01:31.0121 1692 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 13:01:31.0126 1692 RDPWD - ok 13:01:31.0234 1692 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 13:01:31.0239 1692 rdyboost - ok 13:01:31.0324 1692 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 13:01:31.0333 1692 RemoteAccess - ok 13:01:31.0415 1692 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 13:01:31.0429 1692 RemoteRegistry - ok 13:01:31.0517 1692 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 13:01:31.0519 1692 RFCOMM - ok 13:01:31.0564 1692 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 13:01:31.0573 1692 RpcEptMapper - ok 13:01:31.0619 1692 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 13:01:31.0624 1692 RpcLocator - ok 13:01:31.0739 1692 RpcSs 
(7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 13:01:31.0754 1692 RpcSs - ok 13:01:31.0825 1692 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 13:01:31.0828 1692 rspndr - ok 13:01:31.0913 1692 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys 13:01:31.0920 1692 RTL8167 - ok 13:01:31.0990 1692 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 13:01:31.0992 1692 SABI - ok 13:01:32.0042 1692 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:32.0048 1692 SamSs - ok 13:01:32.0121 1692 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 13:01:32.0125 1692 sbp2port - ok 13:01:32.0205 1692 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 13:01:32.0213 1692 SCardSvr - ok 13:01:32.0264 1692 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 13:01:32.0266 1692 scfilter - ok 13:01:32.0482 1692 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 13:01:32.0501 1692 Schedule - ok 13:01:32.0558 1692 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 13:01:32.0561 1692 SCPolicySvc - ok 13:01:32.0637 1692 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 13:01:32.0645 1692 SDRSVC - ok 13:01:32.0697 1692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 13:01:32.0699 1692 secdrv - ok 13:01:32.0751 1692 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 13:01:32.0762 1692 seclogon - ok 13:01:32.0815 1692 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll 13:01:32.0823 1692 SENS - ok 13:01:32.0855 1692 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 13:01:32.0857 1692 Serenum - ok 13:01:32.0919 1692 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) 
C:\windows\system32\DRIVERS\serial.sys 13:01:32.0923 1692 Serial - ok 13:01:32.0965 1692 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 13:01:32.0967 1692 sermouse - ok 13:01:33.0041 1692 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 13:01:33.0053 1692 SessionEnv - ok 13:01:33.0104 1692 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 13:01:33.0106 1692 sffdisk - ok 13:01:33.0133 1692 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 13:01:33.0135 1692 sffp_mmc - ok 13:01:33.0160 1692 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 13:01:33.0162 1692 sffp_sd - ok 13:01:33.0202 1692 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 13:01:33.0204 1692 sfloppy - ok 13:01:33.0336 1692 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 13:01:33.0348 1692 SharedAccess - ok 13:01:33.0467 1692 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 13:01:33.0485 1692 ShellHWDetection - ok 13:01:33.0549 1692 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 13:01:33.0552 1692 sisagp - ok 13:01:33.0633 1692 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 13:01:33.0636 1692 SiSRaid2 - ok 13:01:33.0673 1692 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 13:01:33.0676 1692 SiSRaid4 - ok 13:01:33.0719 1692 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 13:01:33.0721 1692 Smb - ok 13:01:33.0765 1692 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 13:01:33.0772 1692 SNMPTRAP - ok 13:01:33.0789 1692 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 13:01:33.0791 1692 spldr - ok 13:01:33.0924 1692 Spooler 
(866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 13:01:33.0943 1692 Spooler - ok 13:01:34.0662 1692 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 13:01:34.0721 1692 sppsvc - ok 13:01:34.0957 1692 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 13:01:34.0965 1692 sppuinotify - ok 13:01:35.0097 1692 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 13:01:35.0104 1692 srv - ok 13:01:35.0178 1692 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 13:01:35.0186 1692 srv2 - ok 13:01:35.0238 1692 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 13:01:35.0241 1692 srvnet - ok 13:01:35.0311 1692 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 13:01:35.0327 1692 SSDPSRV - ok 13:01:35.0388 1692 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys 13:01:35.0391 1692 ssmdrv - ok 13:01:35.0434 1692 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 13:01:35.0461 1692 SstpSvc - ok 13:01:35.0505 1692 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 13:01:35.0506 1692 stexstor - ok 13:01:35.0653 1692 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll 13:01:35.0678 1692 StiSvc - ok 13:01:35.0732 1692 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 13:01:35.0733 1692 swenum - ok 13:01:35.0835 1692 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 13:01:35.0848 1692 swprv - ok 13:01:36.0139 1692 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 13:01:36.0170 1692 SysMain - ok 13:01:36.0243 1692 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 13:01:36.0256 1692 TabletInputService - ok 13:01:36.0358 1692 TapiSrv (613bf4820361543956909043a265c6ac) 
C:\windows\System32\tapisrv.dll 13:01:36.0373 1692 TapiSrv - ok 13:01:36.0417 1692 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 13:01:36.0426 1692 TBS - ok 13:01:36.0805 1692 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 13:01:36.0823 1692 Tcpip - ok 13:01:36.0870 1692 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys 13:01:36.0887 1692 TCPIP6 - ok 13:01:36.0954 1692 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 13:01:36.0956 1692 tcpipreg - ok 13:01:37.0017 1692 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 13:01:37.0018 1692 TDPIPE - ok 13:01:37.0034 1692 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 13:01:37.0037 1692 TDTCP - ok 13:01:37.0118 1692 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 13:01:37.0120 1692 tdx - ok 13:01:37.0174 1692 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 13:01:37.0176 1692 TermDD - ok 13:01:37.0318 1692 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 13:01:37.0337 1692 TermService - ok 13:01:37.0391 1692 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 13:01:37.0399 1692 Themes - ok 13:01:37.0441 1692 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 13:01:37.0448 1692 THREADORDER - ok 13:01:37.0499 1692 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 13:01:37.0512 1692 TrkWks - ok 13:01:37.0642 1692 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 13:01:37.0646 1692 TrustedInstaller - ok 13:01:37.0700 1692 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 13:01:37.0702 1692 tssecsrv - ok 13:01:37.0792 1692 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) 
C:\windows\system32\drivers\tsusbflt.sys 13:01:37.0794 1692 TsUsbFlt - ok 13:01:37.0878 1692 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 13:01:37.0882 1692 tunnel - ok 13:01:37.0926 1692 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 13:01:37.0929 1692 uagp35 - ok 13:01:38.0021 1692 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 13:01:38.0025 1692 udfs - ok 13:01:38.0083 1692 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 13:01:38.0092 1692 UI0Detect - ok 13:01:38.0143 1692 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 13:01:38.0145 1692 uliagpkx - ok 13:01:38.0223 1692 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 13:01:38.0224 1692 umbus - ok 13:01:38.0259 1692 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 13:01:38.0261 1692 UmPass - ok 13:01:38.0350 1692 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 13:01:38.0369 1692 upnphost - ok 13:01:38.0421 1692 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys 13:01:38.0423 1692 usbccgp - ok 13:01:38.0468 1692 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 13:01:38.0471 1692 usbcir - ok 13:01:38.0510 1692 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys 13:01:38.0512 1692 usbehci - ok 13:01:38.0599 1692 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys 13:01:38.0603 1692 usbhub - ok 13:01:38.0642 1692 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys 13:01:38.0646 1692 usbohci - ok 13:01:38.0698 1692 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 13:01:38.0699 1692 usbprint - ok 13:01:38.0742 1692 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) 
C:\windows\system32\DRIVERS\usbscan.sys 13:01:38.0744 1692 usbscan - ok 13:01:38.0788 1692 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\drivers\USBSTOR.SYS 13:01:38.0790 1692 USBSTOR - ok 13:01:38.0818 1692 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys 13:01:38.0819 1692 usbuhci - ok 13:01:38.0920 1692 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 13:01:38.0925 1692 usbvideo - ok 13:01:38.0970 1692 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 13:01:38.0979 1692 UxSms - ok 13:01:39.0020 1692 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:39.0025 1692 VaultSvc - ok 13:01:39.0070 1692 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 13:01:39.0073 1692 vdrvroot - ok 13:01:39.0192 1692 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 13:01:39.0214 1692 vds - ok 13:01:39.0265 1692 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 13:01:39.0267 1692 vga - ok 13:01:39.0292 1692 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 13:01:39.0294 1692 VgaSave - ok 13:01:39.0353 1692 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 13:01:39.0356 1692 vhdmp - ok 13:01:39.0417 1692 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 13:01:39.0420 1692 viaagp - ok 13:01:39.0471 1692 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 13:01:39.0473 1692 ViaC7 - ok 13:01:39.0508 1692 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 13:01:39.0510 1692 viaide - ok 13:01:39.0553 1692 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 13:01:39.0554 1692 volmgr - ok 13:01:39.0639 1692 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 13:01:39.0646 1692 
volmgrx - ok 13:01:39.0753 1692 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 13:01:39.0760 1692 volsnap - ok 13:01:39.0843 1692 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 13:01:39.0846 1692 vsmraid - ok 13:01:40.0097 1692 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 13:01:40.0127 1692 VSS - ok 13:01:40.0161 1692 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 13:01:40.0163 1692 vwifibus - ok 13:01:40.0215 1692 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 13:01:40.0217 1692 vwififlt - ok 13:01:40.0269 1692 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 13:01:40.0271 1692 vwifimp - ok 13:01:40.0362 1692 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 13:01:40.0381 1692 W32Time - ok 13:01:40.0433 1692 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 13:01:40.0435 1692 WacomPen - ok 13:01:40.0510 1692 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 13:01:40.0512 1692 WANARP - ok 13:01:40.0525 1692 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 13:01:40.0528 1692 Wanarpv6 - ok 13:01:40.0817 1692 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 13:01:40.0850 1692 wbengine - ok 13:01:40.0922 1692 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 13:01:40.0931 1692 WbioSrvc - ok 13:01:41.0026 1692 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 13:01:41.0038 1692 wcncsvc - ok 13:01:41.0070 1692 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 13:01:41.0078 1692 WcsPlugInService - ok 13:01:41.0158 1692 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 13:01:41.0161 1692 Wd - ok 
13:01:41.0280 1692 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 13:01:41.0288 1692 Wdf01000 - ok 13:01:41.0328 1692 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 13:01:41.0338 1692 WdiServiceHost - ok 13:01:41.0348 1692 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 13:01:41.0360 1692 WdiSystemHost - ok 13:01:41.0439 1692 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll 13:01:41.0456 1692 WebClient - ok 13:01:41.0536 1692 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 13:01:41.0545 1692 Wecsvc - ok 13:01:41.0586 1692 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 13:01:41.0597 1692 wercplsupport - ok 13:01:41.0650 1692 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 13:01:41.0663 1692 WerSvc - ok 13:01:41.0723 1692 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 13:01:41.0725 1692 WfpLwf - ok 13:01:41.0751 1692 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 13:01:41.0755 1692 WIMMount - ok 13:01:42.0007 1692 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 13:01:42.0025 1692 WinDefend - ok 13:01:42.0043 1692 WinHttpAutoProxySvc - ok 13:01:42.0194 1692 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 13:01:42.0200 1692 Winmgmt - ok 13:01:42.0486 1692 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 13:01:42.0519 1692 WinRM - ok 13:01:42.0641 1692 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys 13:01:42.0643 1692 WinUsb - ok 13:01:42.0843 1692 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 13:01:42.0874 1692 Wlansvc - ok 13:01:43.0304 1692 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE 13:01:43.0332 1692 wlidsvc - ok 13:01:43.0569 1692 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 13:01:43.0573 1692 WmiAcpi - ok 13:01:43.0706 1692 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 13:01:43.0712 1692 wmiApSrv - ok 13:01:44.0045 1692 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:01:44.0072 1692 WMPNetworkSvc - ok 13:01:44.0102 1692 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll 13:01:44.0111 1692 WPCSvc - ok 13:01:44.0170 1692 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll 13:01:44.0181 1692 WPDBusEnum - ok 13:01:44.0280 1692 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 13:01:44.0284 1692 ws2ifsl - ok 13:01:44.0332 1692 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll 13:01:44.0343 1692 wscsvc - ok 13:01:44.0354 1692 WSearch - ok 13:01:44.0795 1692 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll 13:01:44.0834 1692 wuauserv - ok 13:01:45.0092 1692 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 13:01:45.0097 1692 WudfPf - ok 13:01:45.0168 1692 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 13:01:45.0171 1692 WUDFRd - ok 13:01:45.0245 1692 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll 13:01:45.0254 1692 wudfsvc - ok 13:01:45.0333 1692 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll 13:01:45.0350 1692 WwanSvc - ok 13:01:45.0476 1692 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys 13:01:45.0483 1692 yukonw7 - ok 13:01:45.0571 1692 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 13:01:46.0708 1692 \Device\Harddisk0\DR0 - ok 13:01:46.0746 1692 Boot (0x1200) 
(e212ca20377ac4a866e40b1f57bb20c2) \Device\Harddisk0\DR0\Partition0 13:01:46.0752 1692 \Device\Harddisk0\DR0\Partition0 - ok 13:01:46.0777 1692 Boot (0x1200) (473ef0fcb68cf5570602911da66025ef) \Device\Harddisk0\DR0\Partition1 13:01:46.0781 1692 \Device\Harddisk0\DR0\Partition1 - ok 13:01:46.0811 1692 Boot (0x1200) (ad89082cf592c6c5a5a66a59f51971b7) \Device\Harddisk0\DR0\Partition2 13:01:46.0816 1692 \Device\Harddisk0\DR0\Partition2 - ok 13:01:46.0817 1692 ============================================================ 13:01:46.0817 1692 Scan finished 13:01:46.0817 1692 ============================================================ 13:01:46.0854 3508 Detected object count: 0 13:01:46.0854 3508 Actual detected object count: 0 |
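The scan log above is a rootkit-scanner listing in the time / PID / name / MD5 / path format that TDSSKiller uses, flattened onto a few long lines by the forum. What a responder actually wants from such a listing is a hash baseline that can be diffed against a later run, so a driver or service image that changes hash between two scans stands out. The following Python is an added example for this thread, not code from the original post or from the scanner: it parses records in that format, separates the hash entries from the verdict lines (note that some services, such as WinHttpAutoProxySvc above, get a verdict but no hash line), and reports what changed between two runs. The BASELINE_LOG entries are copied from the log above; LATER_LOG is constructed, and its changed hash and the extra driver "examplesvc" are made up for the demonstration.

```python
"""Parse TDSSKiller-style scan output and diff two runs.

Added example for this forum thread; not part of the original post and not the
scanner's own code. Input is the flattened "time pid name (md5) path ... time pid
name - status" text exactly as the page shows it.
"""
import re
from typing import Dict, Set, Tuple

# Constructed sample: four records copied from the scan log posted above, run
# together on one line the way the forum page shows them.
BASELINE_LOG = r"""13:01:32.0042 1692 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 13:01:32.0048 1692 SamSs - ok 13:01:36.0805 1692 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 13:01:36.0823 1692 Tcpip - ok 13:01:42.0043 1692 WinHttpAutoProxySvc - ok 13:01:45.0571 1692 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 13:01:46.0708 1692 \Device\Harddisk0\DR0 - ok"""

# Constructed "later" run (hypothetical, values made up): tcpip.sys now carries a
# different hash and a driver that was not in the baseline has appeared.
LATER_LOG = r"""14:10:01.0001 2048 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 14:10:01.0002 2048 SamSs - ok 14:10:01.0100 2048 Tcpip (00000000000000000000000000000000) C:\windows\system32\drivers\tcpip.sys 14:10:01.0101 2048 Tcpip - ok 14:10:01.0200 2048 examplesvc (ffffffffffffffffffffffffffffffff) C:\windows\system32\drivers\examplesvc.sys 14:10:01.0201 2048 examplesvc - ok 14:10:01.0300 2048 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 14:10:01.0301 2048 \Device\Harddisk0\DR0 - ok"""

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"

# "time pid name (md5) path". The name may carry a size suffix such as "MBR (0x1B8)";
# the path runs up to the next "time pid " record or to the end of the line.
HASHED_RE = re.compile(
    rf"(?P<time>{TS}) (?P<pid>\d+) "
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) "
    r"\((?P<md5>[0-9a-f]{32})\) "
    r"(?P<path>.+?)"
    rf"(?= {TS} \d+ |\s*$)",
    re.MULTILINE,
)
# "time pid name - status"; the status is "ok" on a clean run. For MBR/boot
# records the scanner uses the device path as the name on the verdict line.
STATUS_RE = re.compile(rf"{TS} \d+ (?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) - (?P<status>\S+)")


def parse_hashed(log: str) -> Dict[str, Tuple[str, str]]:
    """Map each hashed object name to (md5, path)."""
    return {m["name"]: (m["md5"], m["path"].strip()) for m in HASHED_RE.finditer(log)}


def parse_status(log: str) -> Dict[str, str]:
    """Map each object name (or device path for MBR/boot records) to its verdict."""
    return {m["name"]: m["status"] for m in STATUS_RE.finditer(log)}


def unhashed_entries(log: str) -> Set[str]:
    """Services that received a verdict but no hash line, i.e. whose image was never read.
    Device-path verdicts (leading backslash) belong to MBR/boot records and are skipped."""
    hashed = set(parse_hashed(log))
    return {n for n in parse_status(log) if n not in hashed and not n.startswith("\\")}


def diff_scans(baseline: str, later: str) -> Dict[str, object]:
    """Compare two runs: hashes that changed, objects added/removed, and any non-ok verdict."""
    base, cur = parse_hashed(baseline), parse_hashed(later)
    changed = {n: (base[n][0], cur[n][0]) for n in base.keys() & cur.keys() if base[n][0] != cur[n][0]}
    return {
        "changed": changed,
        "added": sorted(cur.keys() - base.keys()),
        "removed": sorted(base.keys() - cur.keys()),
        "not_ok": sorted(n for n, s in parse_status(later).items() if s != "ok"),
    }


if __name__ == "__main__":
    print("no hash recorded for:", sorted(unhashed_entries(BASELINE_LOG)))
    for key, value in diff_scans(BASELINE_LOG, LATER_LOG).items():
        print(f"{key}: {value}")
```

A changed hash on a Microsoft-signed driver such as tcpip.sys after a patch Tuesday is expected; the same change with no update in between, or a new driver name nobody installed, is what you chase next. The "- ok" verdict only says the scanner's own signatures did not fire, so the diff is the more reliable signal when a baseline from a known-clean point exists.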
26.06.2012, 07:31 | #9 |
/// Malwareteam | GMER, please.
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
26.06.2012, 17:23 | #10 |
| I don't know what the system disk is, but I think you mean the C: drive (at least on my machine), i.e. where the system files are. I only scanned the D: drive. After the scan it said "Scan stopped". I saved the log as a zip (attachment) |
27.06.2012, 12:47 | #11 | |
/// Malwareteam | Great! ComboFix ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors Link 1 Link 2 IMPORTANT - save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
29.06.2012, 08:08 | #12 |
/// Malwareteam | Hello, do you still need help? If I don't hear back from you within the next 24 hours, I will remove your thread from my subscriptions and will no longer be notified of new replies. The disappearance of the symptoms does not mean your system is already clean
|
29.06.2012, 19:26 | #13 |
| Sorry, I'll do it. Unfortunately I'm busy with other things as well, but I'll send the ComboFix log right over. So, it took a little while. ComboFix Code:
ATTFilter ComboFix 12-06-28.03 - PC 29.06.2012 20:33:58.2.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2037.1266 [GMT 2:00] ausgeführt von:: c:\users\PC\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-29 18:46 . 2012-06-29 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 00:00 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DF223F0-363F-4D3E-B921-66C21FFA3165}\mpengine.dll 2012-06-23 21:25 . 2009-11-19 01:34 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\suge1pc.dll 2012-06-23 21:19 . 2006-09-18 11:05 73728 ----a-w- c:\windows\WiaInst.exe 2012-06-23 21:19 . 2006-09-18 11:05 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS 2012-06-23 21:19 . 2012-06-23 21:19 -------- d-----w- c:\windows\Samsung 2012-06-21 08:10 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 08:10 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 08:10 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 08:10 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 08:10 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-21 08:10 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 08:10 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 08:10 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 08:10 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 19:13 . 2012-06-19 19:26 -------- d-----w- c:\users\PC\AppData\Local\Recovery Toolbox for PDF 2012-06-18 21:08 . 2012-06-19 19:24 -------- d-----w- c:\users\PC\AppData\Local\Recovery Toolbox for Word 2012-06-17 20:44 . 
2012-06-17 20:44 -------- d-----w- c:\windows\system32\wbem\it-IT 2012-06-17 20:44 . 2012-06-17 20:44 -------- d-----w- c:\windows\system32\wbem\fr-FR 2012-06-17 20:44 . 2012-06-17 20:44 -------- d-----w- c:\windows\system32\wbem\en-US 2012-06-17 20:43 . 2009-11-19 19:15 2824704 ----a-w- c:\windows\system32\AInst3141.exe 2012-06-17 19:56 . 2006-09-12 15:36 21256 ----a-w- c:\program files\Common Files\Microsoft Shared\Help\1031\hxdsui.dll 2012-06-17 17:21 . 2012-06-17 17:21 -------- d-----w- c:\program files\Smart File Advisor 2012-06-17 12:44 . 2012-06-17 12:44 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-17 12:10 . 2012-06-17 12:10 -------- d-----w- c:\windows\system32\SPReview 2012-06-17 12:08 . 2012-06-17 12:08 -------- d-----w- c:\windows\system32\EventProviders 2012-06-17 08:53 . 2012-06-17 08:53 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-17 08:53 . 2012-06-17 08:53 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-13 08:53 . 2012-04-20 03:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 08:53 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 08:53 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 08:53 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 08:53 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-06 10:42 . 2012-06-06 10:42 -------- d-----w- c:\program files\Common Files\Adobe 2012-06-04 01:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-06-04 01:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-06-04 01:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-06-04 01:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2012-06-03 19:22 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-03 19:22 . 
2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-06-03 19:22 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS 2012-06-03 19:22 . 2010-11-20 12:17 219648 ----a-w- c:\windows\system32\fsquirt.exe 2012-06-03 19:22 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-06-03 19:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-06-03 19:21 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-06-03 19:21 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-03 19:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-06-03 17:10 . 2012-06-29 18:46 -------- d-----w- c:\users\PC\AppData\Local\temp 2012-06-03 14:04 . 2012-06-03 14:04 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes 2012-06-03 14:04 . 2012-06-03 14:04 -------- d-----w- c:\programdata\Malwarebytes . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 12:25 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-05-09 06:13 . 2012-01-12 17:41 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-09 06:13 . 2012-01-12 17:41 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-06-17 08:53 . 2012-02-20 07:18 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824] . c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-7 828704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zwyzwftw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Samsung SCX-4200 Series - c:\program files\SAMSUNG\Samsung SCX-4200 Series\Install\Setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3836) c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll . Zeit der Fertigstellung: 2012-06-29 20:54:07 ComboFix-quarantined-files.txt 2012-06-29 18:54 . Vor Suchlauf: 10 Verzeichnis(se), 38.143.537.152 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 38.037.987.328 Bytes frei . - - End Of File - - 9A32BC8420ABB5570596155F3F003952 |
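One detail in the ComboFix log above deserves a second look: under [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] it prints "EnableLUA"= 0, "ConsentPromptBehaviorAdmin"= 0 and "PromptOnSecureDesktop"= 0. On Windows 7 the defaults are 1, 5 and 1, so User Account Control was switched off on this netbook, which is exactly the condition under which an e-mail attachment run by the user can install drivers and rewrite system-wide settings without a prompt. The following Python is an added example for this thread, not ComboFix's own code and not from the original post: it parses the DWORD values as ComboFix prints them and reports the ones outside their safe range. POLICY_BLOCK is copied from the log above; the safe-value table is my reading of the Windows 7 UAC policy semantics.

```python
"""Audit the UAC policy values ComboFix prints in its registry-autostart section.

Added example for this forum thread; not ComboFix's own code and not from the
original post. Input is the flattened "[HKLM\...\policies\system]" block as it
appears in the log above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the policies\system block copied from the ComboFix log above.
POLICY_BLOCK = (
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] '
    r'"ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) '
    r'"EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0)'
)

# ComboFix renders a REG_DWORD as:  "Name"= decimal (0xhex)
VALUE_RE = re.compile(r'"(?P<name>[A-Za-z0-9]+)"= (?P<dec>\d+) \(0x(?P<hex>[0-9a-fA-F]+)\)')

# Safe values and what a deviation means. Windows 7 defaults for an administrator:
# EnableLUA=1, ConsentPromptBehaviorAdmin=5 (consent for non-Windows binaries),
# PromptOnSecureDesktop=1. ConsentPromptBehaviorAdmin=0 is "elevate without prompting".
CHECKS: Dict[str, Tuple[set, str]] = {
    "EnableLUA": ({1}, "UAC is disabled; every process of an administrator runs with the full token"),
    "ConsentPromptBehaviorAdmin": ({1, 2, 3, 4, 5}, "administrators are elevated silently, without any prompt"),
    "PromptOnSecureDesktop": ({1}, "elevation prompts appear on the normal desktop, where malware can spoof or click them"),
}


def parse_policy_values(block: str) -> Dict[str, int]:
    """Return {value name: int} for every DWORD in a ComboFix registry block.
    The decimal and hex renderings are cross-checked so a mangled line is not trusted."""
    values: Dict[str, int] = {}
    for m in VALUE_RE.finditer(block):
        dec, hx = int(m["dec"]), int(m["hex"], 16)
        if dec != hx:
            raise ValueError(f"inconsistent value for {m['name']}: {dec} vs 0x{hx:x}")
        values[m["name"]] = dec
    return values


def audit_uac(values: Dict[str, int]) -> List[Tuple[str, int, str]]:
    """List (name, actual value, meaning) for each UAC setting outside its safe range.
    Settings absent from the block are not reported: the log's own note says that
    empty and legitimate default entries are not printed."""
    findings: List[Tuple[str, int, str]] = []
    for name, (ok_values, meaning) in CHECKS.items():
        if name in values and values[name] not in ok_values:
            findings.append((name, values[name], meaning))
    return findings


def uac_effective(values: Dict[str, int]) -> bool:
    """UAC protects an admin session only if it is on and admins are actually prompted."""
    return values.get("EnableLUA", 1) == 1 and values.get("ConsentPromptBehaviorAdmin", 5) != 0


if __name__ == "__main__":
    vals = parse_policy_values(POLICY_BLOCK)
    for name, actual, meaning in audit_uac(vals):
        print(f"{name} = {actual}: {meaning}")
    print("UAC effective:", uac_effective(vals))
```

Run against the block from this thread, all three checks fire and uac_effective() is False. After cleaning, turning UAC back on (EnableLUA=1, which takes effect after a reboot) is part of making sure the next "invoice" attachment cannot do the same again.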
03.07.2012, 08:40 | #14 |
/// Malwareteam | Looks pretty good - let's double-check everything! Step 1: MBAM full scan Please download Malwarebytes
Step 2: ESET ESET Online Scanner
|
05.07.2012, 11:02 | #15 |
/// Malwareteam | Hello, do you still need help? If I don't hear back from you within the next 24 hours, I will remove your thread from my subscriptions and will no longer be notified of new replies. The disappearance of the symptoms does not mean your system is already clean
|