| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win32/Small.CA-Virus - Windows7 WartungscentermeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.06.2013, 00:01
| #1 |
| |  Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Hallo allerseits, gester Abend bekam ich plötzlich, direkt nach Start von Windows eine "kritische Fehlermeldung" in der stand, dass der PC in einer Minute neugestartet werden müsste. Nach dem Neustart erhielt ich dann die Fehlermeldung vom Windows-Wartungscenter, dass ich den "Win32/Small.CA-Virus" entfernen sollte und dass dieser 1x zum nicht korrektem des PCi geführt hat. Der PC funktioniert aber zur Zeit einwandfrei und die Fehlermeldung im Wartungscenter wurde automatisch archiviert. Eine Überprüfung mit dem Windowsdefender, Malwarebytes Anti-Malware als auch durch Sophos ergab keine Funde. Daher habe ich dann wie im Forum erklärt die 3 Schritte durchgeführt der Anleitung durchgeführt. Hier dazu die Logfiles: OTL.txt Code:
ATTFilter OTL logfile created on: 11.06.2013 21:39:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,93% Memory free 3,92 Gb Paging File | 2,75 Gb Available in Paging File | 70,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 137,82 Gb Total Space | 32,37 Gb Free Space | 23,49% Space Free | Partition Type: NTFS Drive D: | 9,77 Gb Total Space | 3,95 Gb Free Space | 40,46% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.11 21:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2013.03.21 19:42:03 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2013.02.13 20:33:11 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.02.13 20:33:09 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2013.02.13 20:31:45 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.11.20 19:11:02 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.09.23 12:41:45 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.04.19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device) SRV - [2013.06.11 20:42:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.20 10:58:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.21 19:42:03 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.13 20:33:11 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.02.13 20:31:45 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.04 16:21:03 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.11.20 19:11:02 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.09.23 12:41:45 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.20 19:12:09 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.09.23 12:43:42 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2012.09.23 12:37:09 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 42 4C 96 FD 98 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.23 15:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.05.09 20:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pezh5s41.default\extensions [2013.05.09 20:29:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pezh5s41.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.20 10:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 10:58:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.124.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79100CAF-233B-429B-B8F0-931B166EC407}: DhcpNameServer = 10.124.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 20:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.06.11 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.11 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.11 20:20:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.11 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.20 10:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 21:42:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.11 21:36:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.11 20:20:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.11 20:16:37 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 20:16:37 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 20:07:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 20:07:38 | 1579,601,920 | -HS- | M] () -- C:\hiberfil.sys [2013.05.28 18:47:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 18:47:11 | 000,654,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 18:47:11 | 000,616,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 18:47:11 | 000,130,142 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 18:47:11 | 000,106,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.23 21:55:11 | 000,000,315 | ---- | M] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2013.05.18 12:05:31 | 000,170,723 | ---- | M] () -- C:\Users\***\Documents\lousberglauf.xps [2013.05.16 08:35:24 | 005,033,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.11 21:36:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.11 20:20:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.18 12:05:29 | 000,170,723 | ---- | C] () -- C:\Users\***\Documents\lousberglauf.xps [2013.02.10 19:35:33 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.12.22 13:33:13 | 000,000,315 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2012.10.25 20:55:16 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.24 18:51:52 | 000,000,076 | ---- | C] () -- C:\Users\***\AppData\Local\STAR.trace [2012.10.24 18:51:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.10.24 18:51:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.10.01 20:40:50 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.09.26 22:34:02 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2012.09.26 22:34:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2012.09.26 22:34:02 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2012.09.26 22:34:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2012.09.26 22:34:01 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2012.09.26 22:34:00 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2012.09.26 22:33:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2012.09.26 22:33:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2012.09.26 22:33:59 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe [2012.09.26 22:33:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2012.09.26 22:33:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll [2012.09.26 22:33:58 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2012.09.26 22:33:58 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe [2012.09.26 22:33:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2012.09.26 22:33:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe [2012.09.26 22:33:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2012.09.26 22:33:56 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe [2012.09.23 13:04:05 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\tfuhwba.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2012.09.23 13:04:05 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\p5z6t2p.dll [2012.09.23 13:04:05 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2012.09.23 13:04:05 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\mb6a5lr.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.13 00:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2013.04.20 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5 [2012.12.23 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CLC bio [2013.02.28 18:45:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.23 22:07:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.05.31 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.02 19:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.09.23 21:26:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.06.09 14:12:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2013.01.27 21:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.11.25 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2013.05.05 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2013.03.01 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.06.2013 21:39:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,96 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,93% Memory free
3,92 Gb Paging File | 2,75 Gb Available in Paging File | 70,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137,82 Gb Total Space | 32,37 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 3,95 Gb Free Space | 40,46% Space Free | Partition Type: NTFS
Computer Name: ROWLEY | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085B6E42-21B8-4538-AC1F-08D75968EC10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B90DE2C-CCB8-4C57-81D6-1D9DAEDF05D8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E2B214E-76A8-4965-A5BE-AE136B7066E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FC056A3-60A0-4F82-8093-307215D3F89C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2DE6A991-9405-4CD0-ABAF-F7C63AB6B539}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F0DF20A-4D68-443E-9CF0-44A4ACE3E4E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CAAA8C9-A5E5-4B72-A914-0D07F4BD3750}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{447841EF-D965-49E7-B83F-14338DDC2FC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6E635DB4-6800-4238-8471-10C4C8430C92}" = lport=138 | protocol=17 | dir=in | app=system |
"{84707EFD-C9C1-4A0F-B3A0-78E13D0A57F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A47785A-9E06-4D14-8197-54B9C9E0181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92D86ED5-26FF-41BC-9758-6F55C6F0A0DC}" = lport=139 | protocol=6 | dir=in | app=system |
"{97E7C21C-35F9-4077-8374-C043B2C11290}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA1C6767-CA35-4171-B025-ABA4F50F0D18}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0284341-E57F-4AB8-93E1-E66903143EBB}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11360964-1AA4-4D1C-9BFC-D87BB295EC2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{285DB0D0-95F6-4A04-8592-39F86B7B9650}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3BCC67F5-7002-435F-AD58-ABEBD93889AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D63D323-A74F-484B-9012-7219C93591BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{537E77F2-6BC3-4EED-AACB-11CB013ECB23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5C1807FD-6724-46E1-B29D-079DDD6A8BA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C7489EA-4E9A-4FA1-A7BA-42ABBDF8A158}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{779E85D0-496A-491F-AA3A-FD17571E8CC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B9CB387-F729-416B-BA9E-67ECA2C8938F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7CF0CA9F-1E7C-4927-9E2D-7686B8598573}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{82B7C9B4-56D5-4CF2-A108-CA50150A67C0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{87A388B6-E36B-45DE-823B-AC90BFA282E2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{94293B81-6208-4BBD-9788-1B33BE2B743A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{948E3606-9D31-4106-8E8F-413DB235034D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3F89187-6845-440E-8B0F-0C92409182E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ADAC55D3-B963-4937-8352-3D9B51D9586E}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{B52939B4-7FE1-464E-A626-00A1E78E135A}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{BA84C2FB-5315-4D92-ABD7-FCC2311471D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{C1CDA9D8-5946-4EC1-97A8-A4E9802D3A71}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{E3E5DB13-AA31-43C5-B5D8-D98EA469107C}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC343E86-763C-406F-9942-D07F5DFEE2B2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{09A9F74F-987E-4D09-9DE0-96DC69BB27E4}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{27681AAE-7C4A-4B9C-AFC5-673C483E4A6D}C:\users\***\downloads\fiji-win64\imagej-win64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\fiji-win64\imagej-win64.exe |
"TCP Query User{2B691A69-47B4-4A6C-B044-439D3FA6BECA}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{363F9251-0C96-4968-AA92-D2A0A5DAF36D}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"TCP Query User{7E8728DF-03C4-4C22-86E8-20739EFA862A}C:\users\***\downloads\fiji-win64\imagej-win64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\fiji-win64\imagej-win64.exe |
"TCP Query User{C7221F23-6490-4372-8D46-CAC2082E9BD9}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{30A6125F-B744-4276-B9A6-7C26E4E0C428}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3975656D-4D93-4277-B5A3-09F6FD5497B3}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{7375B8E3-0A07-4583-9A5C-68F8C38DEA90}C:\users\***\downloads\fiji-win64\imagej-win64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\fiji-win64\imagej-win64.exe |
"UDP Query User{8C0A8B1B-C20E-46C8-B71D-7785102681AB}C:\users\***\downloads\fiji-win64\imagej-win64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\fiji-win64\imagej-win64.exe |
"UDP Query User{9688A494-5666-449B-8914-0E8252423292}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{EC96C8AB-54E0-445C-926A-598E2801ABBE}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ImageJ_is1" = ImageJ 1.46r
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{43224D30-5941-47A4-9AD7-9250EE794396}" = SigmaPlot 10.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Broken Sword 2.5_is1" = Broken Sword 2.5
"BurnAware Free_is1" = BurnAware Free 5.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mendeley Desktop" = Mendeley Desktop 1.6
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ScummVM_is1" = ScummVM 0.10.0
"VLC media player" = VLC media player 2.0.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.05.2013 09:50:24 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d
ID
des fehlerhaften Prozesses: 0x708 Startzeit der fehlerhaften Anwendung: 0x01ce48ce0d6e0e57
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 912d5bf2-b4c1-11e2-bdbb-00235ad3092e
Error - 07.05.2013 01:32:48 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AppleMobileDeviceService.exe, Version:
17.96.0.8, Zeitstempel: 0x4fb5bca5 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00053dfe
ID
des fehlerhaften Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0x01ce4ae4069e7682
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
8d1560b2-b6d7-11e2-b942-00235ad3092e
Error - 07.05.2013 15:28:08 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7abf0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a
ID
des fehlerhaften Prozesses: 0x20c Startzeit der fehlerhaften Anwendung: 0x01ce4b48ed3ae7dc
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\lsm.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3ea9c38b-b74c-11e2-83b7-00235ad3092e
Error - 07.05.2013 15:28:09 | Computer Name = rowley | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
mit den Statuscode 255. Der Computer muss neu gestartet werden.
Error - 10.05.2013 17:57:49 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0x15dc Startzeit der fehlerhaften Anwendung: 0x01ce4dc93c3ea19a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
a766a14e-b9bc-11e2-b3ce-00235ad3092e
Error - 27.05.2013 02:38:41 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d
ID
des fehlerhaften Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0x01ce5aa4952d3008
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 114f9393-c698-11e2-a562-00235ad3092e
Error - 27.05.2013 02:39:01 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc541 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a
ID
des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01ce5aa4bb811832
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1d532c85-c698-11e2-a562-00235ad3092e
Error - 29.05.2013 02:13:35 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d
ID
des fehlerhaften Prozesses: 0x3b8 Startzeit der fehlerhaften Anwendung: 0x01ce5c3360d3af3b
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e4e56a55-c826-11e2-b736-00235ad3092e
Error - 29.05.2013 16:25:08 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iPodService.exe, Version: 10.7.0.21,
Zeitstempel: 0x504d7b30 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d
ID
des fehlerhaften Prozesses: 0xac4 Startzeit der fehlerhaften Anwendung: 0x01ce5c992682e158
Pfad
der fehlerhaften Anwendung: C:\Program Files\iPod\bin\iPodService.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: daaacf76-c89d-11e2-9839-00235ad3092e
Error - 09.06.2013 17:53:06 | Computer Name = rowley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bc05
ID
des fehlerhaften Prozesses: 0x200 Startzeit der fehlerhaften Anwendung: 0x01ce65346780485b
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f6feef9c-d14e-11e2-a73e-00235ad3092e
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 27.12.2012 15:59:40 | Computer Name = rowley | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 27.12.2012 15:59:40 | Computer Name = rowley | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 27.12.2012 16:00:51 | Computer Name = rowley | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
(0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
a policy check server name: vpn-unidsl.rwth-aachen.de
Error - 27.12.2012 16:01:00 | Computer Name = rowley | Source = acvpnui | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1790 Invoked Function: ::WSAGetOverlappedResult Return Code: 996 (0x000003E4) Description:
Überlappendes E/A-Ereignis befindet sich nicht in einem signalisierten Zustand.
Error - 27.12.2012 16:01:00 | Computer Name = rowley | Source = acvpnui | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1791 Invoked Function: ::WSARecv/::WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 27.12.2012 16:01:00 | Computer Name = rowley | Source = acvpnui | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
895 Invoked Function: CSocketTransport::readSocket Return Code: -31588312 (0xFE1E0028)
Description:
SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket
failed.
Error - 27.12.2012 16:01:12 | Computer Name = rowley | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 27.12.2012 16:01:12 | Computer Name = rowley | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 27.12.2012 16:07:48 | Computer Name = rowley | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
Error - 27.12.2012 16:07:48 | Computer Name = rowley | Source = acvpnagent | ID = 67108865
Description = Function: CTimerList::~CTimerList File: .\Utility\TimerList.cpp Line:
58 Deletion of timer list containing 1 timers
[ System Events ]
Error - 13.01.2013 09:14:47 | Computer Name = rowley | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 14.01.2013 15:20:52 | Computer Name = rowley | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 14.01.2013 15:20:54 | Computer Name = rowley | Source = DCOM | ID = 10010
Description =
Error - 14.01.2013 19:08:51 | Computer Name = rowley | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?01.?2013 um 00:06:13 unerwartet heruntergefahren.
Error - 18.01.2013 03:37:26 | Computer Name = rowley | Source = Service Control Manager | ID = 7023
Description = Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet: %%-2147417831
Error - 18.01.2013 03:37:53 | Computer Name = rowley | Source = DCOM | ID = 10010
Description =
Error - 20.01.2013 15:42:11 | Computer Name = rowley | Source = DCOM | ID = 10010
Description =
Error - 23.01.2013 16:11:51 | Computer Name = rowley | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 12.02.2013 18:07:38 | Computer Name = rowley | Source = DCOM | ID = 10010
Description =
Error - 16.02.2013 15:19:52 | Computer Name = rowley | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?02.?2013 um 19:36:08 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-12 00:15:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160827AS rev.3.CMG 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uxldrpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
.text ... * 2
.text C:\Windows\Explorer.EXE[1316] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776223d0 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[1316] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007769f6c0 8 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[1316] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff427490 11 bytes JMP 000007ffff3b00d8
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [348:1064] 000007fefb058274
Thread C:\Windows\system32\svchost.exe [348:1260] 000007fefb058274
Thread C:\Windows\system32\svchost.exe [1604:2344] 000007fefb50bd88
Thread C:\Windows\system32\svchost.exe [1604:3160] 000007fefb4a5124
Thread C:\Windows\system32\svchost.exe [1604:3452] 000007fef5ef5170
Thread C:\Windows\System32\spoolsv.exe [1956:2860] 000007fef71a10c8
Thread C:\Windows\System32\spoolsv.exe [1956:2868] 000007fef6f46144
Thread C:\Windows\System32\spoolsv.exe [1956:2872] 000007fef1465fd0
Thread C:\Windows\System32\spoolsv.exe [1956:2876] 000007fef6f23438
Thread C:\Windows\System32\spoolsv.exe [1956:2888] 000007fef14663ec
Thread C:\Windows\System32\spoolsv.exe [1956:2928] 000007fef7245e5c
Thread C:\Windows\System32\spoolsv.exe [1956:2932] 000007fef7275074
Thread C:\Windows\System32\spoolsv.exe [1956:828] 000007fef72e2288
Thread C:\Windows\system32\taskhost.exe [1096:1100] 000007fefb981f38
Thread C:\Windows\system32\taskhost.exe [1096:988] 000007fefb9c2740
Thread C:\Windows\system32\taskhost.exe [1096:1016] 000007feff829274
Thread C:\Windows\system32\taskhost.exe [1096:2092] 000007fefb371010
---- EOF - GMER 2.1 ----
Vielen Dank schonmal für eure Hilfe. Gruß rowley |
|
12.06.2013, 06:16
| #2 |
| /// the machine /// TB-Ausbilder    | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
12.06.2013, 18:24
| #3 |
| | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung hey,
__________________danke für deine Antwort. Hier die logfiles des FRST. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 03
Ran by *** (administrator) on 12-06-2013 19:13:17
Running from C:\Users\***\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
( ) C:\Windows\system32\lxczcoms.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [74672 2007-04-19] (Lexmark International, Inc.)
HKCU\...\Run: [AdobeBridge] [x]
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2012-11-20] (Sophos Limited)
Startup: C:\ProgramData\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.124.0.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-11-20] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-23] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-12-04] (Sophos Limited)
==================== Drivers (Whitelisted) ====================
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-11-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-23] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-23] (Sophos Plc)
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-12 19:12 - 2013-06-12 19:12 - 00000000 ____D C:\FRST
2013-06-12 19:11 - 2013-06-12 19:12 - 01920250 ____A (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-06-12 00:15 - 2013-06-12 00:30 - 00004471 ____A C:\Users\***\Desktop\Gmer.log
2013-06-11 23:12 - 2013-06-11 23:12 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-11 21:52 - 2013-06-12 00:29 - 00060838 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-11 21:52 - 2013-06-12 00:28 - 00063532 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-11 21:51 - 2013-06-11 21:52 - 00061222 ____A C:\Users\***\Downloads\Extras.Txt
2013-06-11 21:50 - 2013-06-11 21:50 - 00064210 ____A C:\Users\***\Downloads\OTL.Txt
2013-06-11 21:38 - 2013-06-11 21:38 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-06-11 21:36 - 2013-06-11 21:37 - 00000492 ____A C:\Users\***\Downloads\defogger_disable.log
2013-06-11 21:36 - 2013-06-11 21:36 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-11 20:20 - 2013-06-11 20:20 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 20:20 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 20:17 - 2013-06-11 20:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-20 10:57 - 2013-05-20 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 00:17 - 2013-05-20 00:17 - 00000000 ____D C:\Users\***\Downloads\Baflu02
2013-05-19 23:54 - 2013-05-20 00:16 - 80255886 ____A C:\Users\***\Downloads\Baflu02.part3.rar
2013-05-19 23:26 - 2013-05-19 23:54 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part2.rar
2013-05-19 22:51 - 2013-05-19 23:19 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part1.rar
2013-05-19 14:27 - 2013-05-19 14:27 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1(1).xlsx
2013-05-19 01:12 - 2013-05-19 01:12 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1.xlsx
2013-05-18 12:05 - 2013-05-18 12:05 - 00170723 ____A C:\Users\***\Documents\lousberglauf.xps
2013-05-16 18:31 - 2013-05-16 18:31 - 00011817 ____A C:\Users\***\Downloads\Ihre Rücksendung.html
2013-05-15 21:36 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 21:36 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 21:36 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 21:36 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 21:36 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 21:36 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 21:36 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 21:36 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 19:52 - 2013-05-06 15:39 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 19:52 - 2013-05-06 15:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 19:52 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 19:52 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 19:52 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 19:52 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 19:52 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 19:52 - 2013-02-28 14:03 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 19:52 - 2013-02-28 13:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 19:52 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
==================== One Month Modified Files and Folders =======
2013-06-12 19:12 - 2013-06-12 19:12 - 00000000 ____D C:\FRST
2013-06-12 19:12 - 2013-06-12 19:11 - 01920250 ____A (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-06-12 18:56 - 2009-07-14 06:45 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 18:56 - 2009-07-14 06:45 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 18:55 - 2012-09-22 21:48 - 01311801 ____A C:\Windows\WindowsUpdate.log
2013-06-12 18:49 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 18:48 - 2012-09-24 08:45 - 00011030 ____A C:\Windows\PFRO.log
2013-06-12 18:48 - 2009-07-14 06:51 - 00082513 ____A C:\Windows\setupact.log
2013-06-12 18:48 - 2009-07-14 06:45 - 05031832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-12 00:47 - 2012-09-23 19:24 - 00109296 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-12 00:42 - 2013-04-20 10:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 00:30 - 2013-06-12 00:15 - 00004471 ____A C:\Users\***\Desktop\Gmer.log
2013-06-12 00:29 - 2013-06-11 21:52 - 00060838 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-12 00:28 - 2013-06-11 21:52 - 00063532 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-11 23:12 - 2013-06-11 23:12 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-11 21:52 - 2013-06-11 21:51 - 00061222 ____A C:\Users\***\Downloads\Extras.Txt
2013-06-11 21:50 - 2013-06-11 21:50 - 00064210 ____A C:\Users\***\Downloads\OTL.Txt
2013-06-11 21:38 - 2013-06-11 21:38 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-06-11 21:37 - 2013-06-11 21:36 - 00000492 ____A C:\Users\***\Downloads\defogger_disable.log
2013-06-11 21:36 - 2013-06-11 21:36 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-11 21:36 - 2012-09-22 21:54 - 00000000 ____D C:\users\***
2013-06-11 20:42 - 2012-09-24 19:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:42 - 2012-09-24 19:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:20 - 2013-06-11 20:20 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 20:17 - 2013-06-11 20:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-09 14:12 - 2012-09-23 19:59 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey
2013-06-07 19:08 - 2012-09-23 19:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-06-01 16:37 - 2013-02-01 20:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-01 16:37 - 2012-09-23 19:55 - 00000000 ____D C:\ProgramData\Skype
2013-06-01 11:28 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-31 22:06 - 2012-09-23 20:57 - 00000000 ___RD C:\Users\***\Dropbox
2013-05-31 22:06 - 2012-09-23 20:54 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-05-29 19:28 - 2012-09-23 21:51 - 00000000 ____D C:\Users\***\Documents\Rückmeldungskopien Uni
2013-05-28 18:47 - 2009-07-14 19:58 - 00654302 ____A C:\Windows\System32\perfh007.dat
2013-05-28 18:47 - 2009-07-14 19:58 - 00130142 ____A C:\Windows\System32\perfc007.dat
2013-05-28 18:47 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-23 21:55 - 2012-12-22 13:33 - 00000315 ____A C:\Users\***\AppData\Roaming\burnaware.ini
2013-05-23 21:55 - 2012-09-23 20:04 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-05-21 07:58 - 2012-09-23 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 10:58 - 2013-05-20 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 00:24 - 2013-05-05 18:53 - 00000000 ____D C:\Program Files (x86)\ScummVM
2013-05-20 00:17 - 2013-05-20 00:17 - 00000000 ____D C:\Users\***\Downloads\Baflu02
2013-05-20 00:16 - 2013-05-19 23:54 - 80255886 ____A C:\Users\***\Downloads\Baflu02.part3.rar
2013-05-19 23:54 - 2013-05-19 23:26 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part2.rar
2013-05-19 23:19 - 2013-05-19 22:51 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part1.rar
2013-05-19 14:27 - 2013-05-19 14:27 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1(1).xlsx
2013-05-19 01:12 - 2013-05-19 01:12 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1.xlsx
2013-05-18 23:05 - 2012-12-23 16:43 - 00000000 ____D C:\Program Files\CLC Main Workbench 6
2013-05-18 12:05 - 2013-05-18 12:05 - 00170723 ____A C:\Users\***\Documents\lousberglauf.xps
2013-05-16 20:15 - 2012-09-23 21:42 - 00000000 ____D C:\Users\***\Phd
2013-05-16 19:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 18:31 - 2013-05-16 18:31 - 00011817 ____A C:\Users\***\Downloads\Ihre Rücksendung.html
2013-05-15 21:48 - 2012-09-23 19:02 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-06 19:04
==================== End Of Log ============================
Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2013 03 Ran by *** at 2013-06-12 19:15:01 Run: Running from C:\Users\***\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Shockwave Player 12.0 (Version: 12.0.0.112) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Apple Application Support (Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) Broken Sword 2.5 BurnAware Free 5.5 Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7) Dropbox (Version: 1.6.18) Foxit Reader (Version: 5.4.5.124) ImageJ 1.46r IrfanView (remove only) (Version: 4.32) iTunes (Version: 10.7.0.21) Lexmark 1200 Series Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaMonkey 4.0 (Version: 4.0) Mendeley Desktop 1.6 (Version: 1.6) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Opera 12.15 (Version: 12.15.1748) ProtectDisc Driver, Version 11 (Version: 11.0.0.12) ScummVM 0.10.0 SigmaPlot 10.0 (Version: 10.0.0) Skype™ 6.3 (Version: 6.3.107) Sophos Anti-Virus (Version: 10.2.8) Sophos AutoUpdate (Version: 2.9.0.344) swMSM (Version: 12.0.0.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) VLC media player 2.0.3 (Version: 2.0.3) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 21-05-2013 15:58:56 Windows Update 28-05-2013 16:12:05 Windows Update 31-05-2013 18:54:59 Windows Update 04-06-2013 21:53:13 Windows Update 12-06-2013 16:53:38 Windows Update ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2013 11:53:06 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bc05 ID des fehlerhaften Prozesses: 0x200 Startzeit der fehlerhaften Anwendung: 0xservices.exe0 Pfad der fehlerhaften Anwendung: services.exe1 Pfad des fehlerhaften Moduls: services.exe2 Berichtskennung: services.exe3 Error: (05/29/2013 10:25:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: iPodService.exe, Version: 10.7.0.21, Zeitstempel: 0x504d7b30 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d ID des fehlerhaften Prozesses: 0xac4 Startzeit der fehlerhaften Anwendung: 0xiPodService.exe0 Pfad der fehlerhaften Anwendung: iPodService.exe1 Pfad des fehlerhaften Moduls: iPodService.exe2 Berichtskennung: iPodService.exe3 Error: (05/29/2013 08:13:35 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d ID des fehlerhaften Prozesses: 0x3b8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (05/27/2013 08:39:01 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc541 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a ID des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0xDwm.exe0 Pfad der fehlerhaften Anwendung: Dwm.exe1 Pfad des fehlerhaften Moduls: Dwm.exe2 Berichtskennung: Dwm.exe3 Error: (05/27/2013 08:38:41 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d ID des fehlerhaften Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (05/10/2013 11:57:49 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x15dc Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (05/07/2013 09:28:09 PM) (Source: Wininit) (User: ) Description: Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen mit den Statuscode 255. Der Computer muss neu gestartet werden. Error: (05/07/2013 09:28:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7abf0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a ID des fehlerhaften Prozesses: 0x20c Startzeit der fehlerhaften Anwendung: 0xlsm.exe0 Pfad der fehlerhaften Anwendung: lsm.exe1 Pfad des fehlerhaften Moduls: lsm.exe2 Berichtskennung: lsm.exe3 Error: (05/07/2013 07:32:48 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: AppleMobileDeviceService.exe, Version: 17.96.0.8, Zeitstempel: 0x4fb5bca5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00053dfe ID des fehlerhaften Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0xAppleMobileDeviceService.exe0 Pfad der fehlerhaften Anwendung: AppleMobileDeviceService.exe1 Pfad des fehlerhaften Moduls: AppleMobileDeviceService.exe2 Berichtskennung: AppleMobileDeviceService.exe3 Error: (05/04/2013 03:50:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001fd1d ID des fehlerhaften Prozesses: 0x708 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 System errors: ============= Error: (06/09/2013 11:54:58 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?09.?06.?2013 um 23:52:35 unerwartet heruntergefahren. Error: (06/08/2013 07:07:54 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (06/08/2013 02:50:17 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (06/02/2013 01:28:27 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (06/02/2013 01:27:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/02/2013 01:27:57 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AeLookupSvc erreicht. Error: (06/02/2013 01:27:51 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (06/02/2013 01:27:21 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error: (05/29/2013 10:28:24 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.124.0.231 registriert werden. Der Computer mit IP-Adresse 10.124.0.225 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/29/2013 10:25:36 PM) (Source: DCOM) (User: ) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 67% Total physical RAM: 2008.57 MB Available physical RAM: 659.41 MB Total Pagefile: 4017.14 MB Available Pagefile: 2484.4 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:137.82 GB) (Free:31.87 GB) NTFS (Disk=0 Partition=2) Drive d: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.95 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EF092947) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Danke für deine Hilfe. Gruß rowley |
|
12.06.2013, 19:46
| #4 | |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus - Windows7 WartungscentermeldungCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.06.2013, 21:02
| #5 |
| | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung So habe Combofix ausgeführt. Jedoch wurde ich nach dem Ausführen von Combofix nicht zu einem Neustart aufgefordert. Hier der log file Combo.txt Code:
ATTFilter ComboFix 13-06-08.02 - *** 12.06.2013 21:34:15.1.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2009.1092 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
c:\windows\IsUn0407.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 19:43 . 2013-06-12 19:43 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC2356EA-1F06-4C2C-A49A-3C8C60C1B7D7}\offreg.dll
2013-06-12 19:43 . 2013-06-12 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 17:12 . 2013-06-12 17:12 -------- d-----w- C:\FRST
2013-06-12 17:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 17:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 17:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 17:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 17:05 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 17:05 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 17:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 17:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 17:04 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 17:04 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 17:04 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 17:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 17:04 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 17:04 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 17:04 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 17:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 17:04 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 17:04 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 16:55 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC2356EA-1F06-4C2C-A49A-3C8C60C1B7D7}\mpengine.dll
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\programdata\Malwarebytes
2013-06-11 18:20 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 19:36 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 19:36 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 19:36 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 19:36 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 19:36 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 19:36 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 17:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:52 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:52 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 17:52 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 17:52 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 17:52 . 2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-05-15 17:52 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 17:52 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 17:52 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:37 . 2012-09-23 17:02 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 18:42 . 2012-09-24 17:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:42 . 2012-09-24 17:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-09-23 10:41 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 17:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:54 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-09 20:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 20:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 20:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 20:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 20:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 20:16 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-13 929272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 10.124.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 21:53:41
ComboFix-quarantined-files.txt 2013-06-12 19:53
.
Vor Suchlauf: 13 Verzeichnis(se), 33.812.873.216 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 34.405.412.864 Bytes frei
.
- - End Of File - - 6A68F06CEEB73676E6D251209E154145
A36C5E4F47E84449FF07ED3517B43A31
Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - *** 12.06.2013 22:09:28.2.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2009.980 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 20:17 . 2013-06-12 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 19:43 . 2013-06-12 19:43 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC2356EA-1F06-4C2C-A49A-3C8C60C1B7D7}\offreg.dll
2013-06-12 17:12 . 2013-06-12 17:12 -------- d-----w- C:\FRST
2013-06-12 17:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 17:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 17:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 17:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 17:05 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 17:05 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 17:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 17:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 17:04 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 17:04 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 17:04 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 17:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 17:04 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 17:04 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 17:04 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 17:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 17:04 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 17:04 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 16:55 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC2356EA-1F06-4C2C-A49A-3C8C60C1B7D7}\mpengine.dll
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\programdata\Malwarebytes
2013-06-11 18:20 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-11 18:20 . 2013-06-11 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 19:36 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 19:36 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 19:36 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 19:36 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 19:36 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 19:36 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 17:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:52 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:52 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 17:52 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 17:52 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 17:52 . 2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-05-15 17:52 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 17:52 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 17:52 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:37 . 2012-09-23 17:02 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 18:42 . 2012-09-24 17:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:42 . 2012-09-24 17:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-09-23 10:41 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 17:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:54 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-09 20:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 20:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 20:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 20:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 20:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 20:16 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-13 929272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 10.124.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 22:26:18
ComboFix-quarantined-files.txt 2013-06-12 20:26
ComboFix2.txt 2013-06-12 19:53
.
Vor Suchlauf: 16 Verzeichnis(se), 34.463.641.600 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 34.406.866.944 Bytes frei
.
- - End Of File - - BA72A46A5BA1D772F77E8469A494DC73
A36C5E4F47E84449FF07ED3517B43A31 [/CODE] Vielen Dank und beste Grüße |
|
13.06.2013, 08:00
| #6 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte.
__________________ --> Win32/Small.CA-Virus - Windows7 Wartungscentermeldung |
|
13.06.2013, 19:04
| #7 |
| | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Hallo, hier die angefordeten logs: AdwCleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 13/06/2013 um 19:31:08 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ROWLEY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.15.1748.0
Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1580 octets] - [13/06/2013 19:31:08]
########## EOF - C:\AdwCleaner[S1].txt - [1640 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Andreas v. Bohl on 13.06.2013 at 19:44:11,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Andreas v. Bohl\AppData\Roaming\mozilla\firefox\profiles\pezh5s41.default\minidumps [251 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2013 at 19:49:23,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter OTL logfile created on: 13.06.2013 19:51:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,79% Memory free 3,92 Gb Paging File | 2,88 Gb Available in Paging File | 73,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 137,82 Gb Total Space | 31,00 Gb Free Space | 22,50% Space Free | Partition Type: NTFS Drive D: | 9,77 Gb Total Space | 3,95 Gb Free Space | 40,46% Space Free | Partition Type: NTFS Computer Name: ROWLEY | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.11 21:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.03.21 19:42:03 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2013.02.13 20:33:11 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.02.13 20:33:09 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2013.02.13 20:31:45 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.11.20 19:11:02 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.09.23 12:41:45 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.04.19 15:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe PRC - [2007.04.19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.04.19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device) SRV - [2013.06.11 20:42:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.20 10:58:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.21 19:42:03 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.13 20:33:11 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.02.13 20:31:45 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.04 16:21:03 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.11.20 19:11:02 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.09.23 12:41:45 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.20 19:12:09 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.09.23 12:43:42 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2012.09.23 12:37:09 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 42 4C 96 FD 98 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.23 15:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.05.09 20:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pezh5s41.default\extensions [2013.05.09 20:29:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pezh5s41.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.20 10:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 10:58:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.12 21:43:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.124.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79100CAF-233B-429B-B8F0-931B166EC407}: DhcpNameServer = 10.124.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 19:44:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.13 19:44:00 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.13 19:42:20 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.06.13 19:40:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.12 22:26:41 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.12 21:32:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.12 21:32:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.12 21:32:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.12 21:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.12 21:31:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.12 21:08:51 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.12 19:12:22 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.11 21:38:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.11 20:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.06.11 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.11 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.11 20:20:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.11 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.20 10:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.13 19:44:30 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 19:44:30 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 19:42:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.06.13 19:42:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.13 19:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.13 19:36:21 | 1579,601,920 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 19:30:22 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.12 21:43:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.12 21:09:34 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.12 18:48:41 | 005,031,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.11 23:12:31 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.11 21:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.11 21:36:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.11 20:20:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.28 18:47:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 18:47:11 | 000,654,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 18:47:11 | 000,616,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 18:47:11 | 000,130,142 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 18:47:11 | 000,106,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.23 21:55:11 | 000,000,315 | ---- | M] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2013.05.18 12:05:31 | 000,170,723 | ---- | M] () -- C:\Users\***\Documents\lousberglauf.xps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.13 19:29:57 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.12 21:32:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.12 21:32:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.12 21:32:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.12 21:32:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.12 21:32:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.11 23:12:26 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.11 21:36:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.11 20:20:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.18 12:05:29 | 000,170,723 | ---- | C] () -- C:\Users\***\Documents\lousberglauf.xps [2013.02.10 19:35:33 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.12.22 13:33:13 | 000,000,315 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2012.10.25 20:55:16 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.24 18:51:52 | 000,000,076 | ---- | C] () -- C:\Users\***\AppData\Local\STAR.trace [2012.10.24 18:51:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.10.24 18:51:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.10.01 20:40:50 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.09.26 22:34:02 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2012.09.26 22:34:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2012.09.26 22:34:02 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2012.09.26 22:34:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2012.09.26 22:34:01 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2012.09.26 22:34:00 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2012.09.26 22:33:59 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2012.09.26 22:33:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2012.09.26 22:33:59 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe [2012.09.26 22:33:59 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2012.09.26 22:33:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll [2012.09.26 22:33:58 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2012.09.26 22:33:58 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe [2012.09.26 22:33:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2012.09.26 22:33:57 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe [2012.09.26 22:33:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2012.09.26 22:33:56 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe [2012.09.23 13:04:05 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\tfuhwba.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2012.09.23 13:04:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2012.09.23 13:04:05 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\p5z6t2p.dll [2012.09.23 13:04:05 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2012.09.23 13:04:05 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\mb6a5lr.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.13 00:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2013.04.20 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5 [2012.12.23 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CLC bio [2013.02.28 18:45:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.23 22:07:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.05.31 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.02 19:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.09.23 21:26:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.06.09 14:12:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2013.01.27 21:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.11.25 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2013.05.05 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2013.03.01 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 ========== Purity Check ========== < End of report > rowley |
|
14.06.2013, 07:03
| #8 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus - Windows7 WartungscentermeldungESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.06.2013, 18:55
| #9 |
| | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Hallo, sorry für die späte antwort. hier wieder die log. Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc4f19de6c9f254bb06c00ba1bc5faf7
# engine=14073
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-14 08:55:59
# local_time=2013-06-14 10:55:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 15555 122873209 0 0
# compatibility_mode=8450 16777213 85 98 15493 22846761 0 0
# scanned=193748
# found=7
# cleaned=0
# scan_time=15317
sh=19744DCDCD2FCFEF6C306BCAEC7CD7F95A6D1B46 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2011-01-23 190048\Backup Files 2011-02-27 190012\Backup files 2.zip"
sh=4B912CB92A1AEF9EA14484AB52EAFE83B5841A20 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2011-06-19 190002\Backup Files 2011-06-19 190002\Backup files 3.zip"
sh=766942432F3E235268C7771B3F7281FA5B327C57 ft=0 fh=0000000000000000 vn="HTML/Fraud.BD.Gen trojan" ac=I fn="H:\***\Backup Set 2011-06-19 190002\Backup Files 2011-11-20 190206\Backup files 1.zip"
sh=3A182E6D8D4B389B12BAD2BA642D5F0AEDFE9DC0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2011-06-19 190002\Backup Files 2011-12-04 190002\Backup files 1.zip"
sh=83789C9B0B9B941374B4897A2C6D0CD469CAA253 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2011-06-19 190002\Backup Files 2011-12-04 190002\Backup files 7.zip"
sh=68BA22FECDDB64A39CF71F36F16B1ACCA30BD801 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2011-06-19 190002\Backup Files 2011-12-11 190002\Backup files 1.zip"
sh=4B04A022E6A8ACB758B1B06614C110C5D86758C3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\Backup Set 2012-07-28 152152\Backup Files 2012-07-28 152152\Backup files 4.zip"
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.7.700.224 Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Sophos Sophos Anti-Virus SavService.exe Sophos Sophos Anti-Virus SAVAdminService.exe Sophos Sophos Anti-Virus Web Control swc_service.exe Sophos Sophos Anti-Virus Web Intelligence swi_service.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 03
Ran by *** (administrator) on 15-06-2013 19:47:09
Running from C:\Users\***\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
( ) C:\Windows\system32\lxczcoms.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [74672 2007-04-19] (Lexmark International, Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2012-11-20] (Sophos Limited)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.124.0.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pezh5s41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-11-20] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-23] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-12-04] (Sophos Limited)
==================== Drivers (Whitelisted) ====================
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-11-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-23] (Sophos Limited)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-23] (Sophos Plc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-15 19:43 - 2013-06-15 19:43 - 00000924 ____A C:\Users\***\Desktop\checkup.txt
2013-06-15 19:38 - 2013-06-15 19:39 - 00890839 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-06-14 18:34 - 2013-06-14 18:34 - 02347384 ____A (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-06-13 19:49 - 2013-06-13 19:49 - 00000778 ____A C:\Users\***\Desktop\JRT.txt
2013-06-13 19:44 - 2013-06-13 19:44 - 00000000 ____D C:\Windows\ERUNT
2013-06-13 19:44 - 2013-06-13 19:44 - 00000000 ____D C:\JRT
2013-06-13 19:42 - 2013-06-13 19:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-06-13 19:40 - 2013-06-13 19:41 - 00001657 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-06-13 19:31 - 2013-06-13 19:31 - 00001705 ____A C:\AdwCleaner[S1].txt
2013-06-13 19:29 - 2013-06-13 19:30 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-06-12 22:26 - 2013-06-12 22:26 - 00014630 ____A C:\ComboFix.txt
2013-06-12 21:55 - 2013-06-12 21:56 - 00014990 ____A C:\Users\***\Desktop\ComboFix.txt
2013-06-12 21:32 - 2013-06-12 22:26 - 00000000 ___AD C:\Qoobox
2013-06-12 21:32 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-12 21:32 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-12 21:32 - 2009-04-20 06:56 - 00060416 ____A C:\Windows\NIRCMD.exe
2013-06-12 21:32 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-12 21:32 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-12 21:32 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-12 21:32 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-12 21:32 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-12 21:31 - 2013-06-12 21:50 - 00000000 ____D C:\Windows\erdnt
2013-06-12 21:08 - 2013-06-12 21:09 - 05078680 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-06-12 19:16 - 2013-06-12 19:21 - 00019545 ____A C:\Users\***\Desktop\FRST.txt
2013-06-12 19:16 - 2013-06-12 19:19 - 00013139 ____A C:\Users\***\Desktop\Addition.txt
2013-06-12 19:15 - 2013-06-12 19:15 - 00013163 ____A C:\Users\***\Downloads\Addition.txt
2013-06-12 19:12 - 2013-06-12 19:12 - 00000000 ____D C:\FRST
2013-06-12 19:11 - 2013-06-12 19:12 - 01920250 ____A (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-06-12 19:05 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:05 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:05 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 19:05 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:05 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:05 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:05 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:04 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:04 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:04 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:04 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:04 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:04 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:04 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:04 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:04 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:04 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:04 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:04 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 00:15 - 2013-06-12 00:30 - 00004471 ____A C:\Users\***\Desktop\Gmer.log
2013-06-11 23:12 - 2013-06-11 23:12 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-11 21:52 - 2013-06-13 20:00 - 00067428 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-11 21:52 - 2013-06-12 00:29 - 00060838 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-11 21:51 - 2013-06-11 21:52 - 00061222 ____A C:\Users\***\Downloads\Extras.Txt
2013-06-11 21:50 - 2013-06-13 19:08 - 00067252 ____A C:\Users\***\Downloads\OTL.Txt
2013-06-11 21:38 - 2013-06-11 21:38 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-06-11 21:36 - 2013-06-11 21:37 - 00000492 ____A C:\Users\***\Downloads\defogger_disable.log
2013-06-11 21:36 - 2013-06-11 21:36 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-11 20:20 - 2013-06-11 20:20 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 20:20 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 20:17 - 2013-06-11 20:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-20 10:57 - 2013-05-20 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 00:17 - 2013-05-20 00:17 - 00000000 ____D C:\Users\***\Downloads\Baflu02
2013-05-19 23:54 - 2013-05-20 00:16 - 80255886 ____A C:\Users\***\Downloads\Baflu02.part3.rar
2013-05-19 23:26 - 2013-05-19 23:54 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part2.rar
2013-05-19 22:51 - 2013-05-19 23:19 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part1.rar
2013-05-19 14:27 - 2013-05-19 14:27 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1(1).xlsx
2013-05-19 01:12 - 2013-05-19 01:12 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1.xlsx
2013-05-18 12:05 - 2013-05-18 12:05 - 00170723 ____A C:\Users\***\Documents\lousberglauf.xps
2013-05-16 18:31 - 2013-05-16 18:31 - 00011817 ____A C:\Users\***\Downloads\Ihre Rücksendung.html
==================== One Month Modified Files and Folders =======
2013-06-15 19:43 - 2013-06-15 19:43 - 00000924 ____A C:\Users\***\Desktop\checkup.txt
2013-06-15 19:42 - 2013-04-20 10:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 19:39 - 2013-06-15 19:38 - 00890839 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-06-15 19:38 - 2009-07-14 06:45 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 19:38 - 2009-07-14 06:45 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 19:35 - 2012-09-22 21:48 - 01739652 ____A C:\Windows\WindowsUpdate.log
2013-06-15 19:31 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 19:30 - 2009-07-14 06:51 - 00082905 ____A C:\Windows\setupact.log
2013-06-14 18:36 - 2009-07-14 19:58 - 00654302 ____A C:\Windows\System32\perfh007.dat
2013-06-14 18:36 - 2009-07-14 19:58 - 00130142 ____A C:\Windows\System32\perfc007.dat
2013-06-14 18:36 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 18:34 - 2013-06-14 18:34 - 02347384 ____A (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-06-13 20:00 - 2013-06-11 21:52 - 00067428 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-13 19:49 - 2013-06-13 19:49 - 00000778 ____A C:\Users\***\Desktop\JRT.txt
2013-06-13 19:44 - 2013-06-13 19:44 - 00000000 ____D C:\Windows\ERUNT
2013-06-13 19:44 - 2013-06-13 19:44 - 00000000 ____D C:\JRT
2013-06-13 19:42 - 2013-06-13 19:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-06-13 19:41 - 2013-06-13 19:40 - 00001657 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-06-13 19:31 - 2013-06-13 19:31 - 00001705 ____A C:\AdwCleaner[S1].txt
2013-06-13 19:30 - 2013-06-13 19:29 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-06-13 19:08 - 2013-06-11 21:50 - 00067252 ____A C:\Users\***\Downloads\OTL.Txt
2013-06-13 18:50 - 2012-09-24 08:45 - 00012018 ____A C:\Windows\PFRO.log
2013-06-12 22:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 22:26 - 2013-06-12 22:26 - 00014630 ____A C:\ComboFix.txt
2013-06-12 22:26 - 2013-06-12 21:32 - 00000000 ___AD C:\Qoobox
2013-06-12 22:17 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-12 21:56 - 2013-06-12 21:55 - 00014990 ____A C:\Users\***\Desktop\ComboFix.txt
2013-06-12 21:54 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-12 21:50 - 2013-06-12 21:31 - 00000000 ____D C:\Windows\erdnt
2013-06-12 21:09 - 2013-06-12 21:08 - 05078680 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-06-12 20:37 - 2012-09-23 19:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:21 - 2013-06-12 19:16 - 00019545 ____A C:\Users\***\Desktop\FRST.txt
2013-06-12 19:19 - 2013-06-12 19:16 - 00013139 ____A C:\Users\***\Desktop\Addition.txt
2013-06-12 19:15 - 2013-06-12 19:15 - 00013163 ____A C:\Users\***\Downloads\Addition.txt
2013-06-12 19:12 - 2013-06-12 19:12 - 00000000 ____D C:\FRST
2013-06-12 19:12 - 2013-06-12 19:11 - 01920250 ____A (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-06-12 18:48 - 2009-07-14 06:45 - 05031832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-12 00:47 - 2012-09-23 19:24 - 00109296 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-12 00:30 - 2013-06-12 00:15 - 00004471 ____A C:\Users\***\Desktop\Gmer.log
2013-06-12 00:29 - 2013-06-11 21:52 - 00060838 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-11 23:12 - 2013-06-11 23:12 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-11 21:52 - 2013-06-11 21:51 - 00061222 ____A C:\Users\***\Downloads\Extras.Txt
2013-06-11 21:38 - 2013-06-11 21:38 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-06-11 21:37 - 2013-06-11 21:36 - 00000492 ____A C:\Users\***\Downloads\defogger_disable.log
2013-06-11 21:36 - 2013-06-11 21:36 - 00050477 ____A C:\Users\***\Downloads\Defogger.exe
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-11 21:36 - 2012-09-22 21:54 - 00000000 ____D C:\users\***
2013-06-11 20:42 - 2012-09-24 19:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:42 - 2012-09-24 19:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:20 - 2013-06-11 20:20 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 20:20 - 2013-06-11 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 20:17 - 2013-06-11 20:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-09 14:12 - 2012-09-23 19:59 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey
2013-06-07 19:08 - 2012-09-23 19:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-06-01 16:37 - 2013-02-01 20:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-01 16:37 - 2012-09-23 19:55 - 00000000 ____D C:\ProgramData\Skype
2013-06-01 11:28 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-31 22:06 - 2012-09-23 20:57 - 00000000 ___RD C:\Users\***\Dropbox
2013-05-31 22:06 - 2012-09-23 20:54 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-05-29 19:28 - 2012-09-23 21:51 - 00000000 ____D C:\Users\***\Documents\Rückmeldungskopien Uni
2013-05-23 21:55 - 2012-12-22 13:33 - 00000315 ____A C:\Users\***\AppData\Roaming\burnaware.ini
2013-05-23 21:55 - 2012-09-23 20:04 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-05-21 07:58 - 2012-09-23 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 10:58 - 2013-05-20 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 00:24 - 2013-05-05 18:53 - 00000000 ____D C:\Program Files (x86)\ScummVM
2013-05-20 00:17 - 2013-05-20 00:17 - 00000000 ____D C:\Users\***\Downloads\Baflu02
2013-05-20 00:16 - 2013-05-19 23:54 - 80255886 ____A C:\Users\***\Downloads\Baflu02.part3.rar
2013-05-19 23:54 - 2013-05-19 23:26 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part2.rar
2013-05-19 23:19 - 2013-05-19 22:51 - 100000000 ____A C:\Users\***\Downloads\Baflu02.part1.rar
2013-05-19 14:27 - 2013-05-19 14:27 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1(1).xlsx
2013-05-19 01:12 - 2013-05-19 01:12 - 00038244 ____A C:\Users\***\Downloads\Adams-piggyBacClonesAvailable-set1.xlsx
2013-05-18 23:05 - 2012-12-23 16:43 - 00000000 ____D C:\Program Files\CLC Main Workbench 6
2013-05-18 12:05 - 2013-05-18 12:05 - 00170723 ____A C:\Users\***\Documents\lousberglauf.xps
2013-05-16 20:15 - 2012-09-23 21:42 - 00000000 ____D C:\Users\***\Phd
2013-05-16 18:31 - 2013-05-16 18:31 - 00011817 ____A C:\Users\***\Downloads\Ihre Rücksendung.html
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 20:25
==================== End Of Log ============================
Bisher hatte ich noch keine weiteren Probleme. Besten Dank und viele Grüße |
|
15.06.2013, 19:30
| #10 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Das von ESET angemeckerte Backup würde ich löschen. Wir sind fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.06.2013, 21:11
| #11 |
| | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Hi, ich habe alles durchgeführt und es gab keine Probleme mehr. Bin wirklich erleichtert. Werde deine Tipps bzgl. Sicherheit etc auch durchführen. Das meiste davon, wie Updates und Noscript im firefox habe ich bereits. Vielen vielen Dank für deine Hilfe. Beste Grüße rowley |
|
15.06.2013, 21:12
| #12 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus - Windows7 Wartungscentermeldung Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win32/Small.CA-Virus - Windows7 Wartungscentermeldung |
| application/pdf:, autorun, avg secure search, bho, entfernen, error, failed, fehlermeldung, firefox, flash player, format, google, helper, iexplore.exe, install.exe, monitor, mozilla, msiexec.exe, ntdll.dll, registry, rundll, scan, secure search, security, senden, services.exe, software, start von windows, svchost.exe, systemprozess, taskhost.exe, udp, windows |
Linear-Darstellung
