Pests of all kinds and how to fight them: TR/Matsnu.EB.98 in C:\Users\marijke\Downloads\Daten_23.01.2013.zip (Windows 7)
27.01.2013, 21:05 | #1
Hello everyone, the trojan named above is on our family PC. Unfortunately it was caught by opening an email attachment. So far I have run the Antivir program. The infected file was moved to quarantine. Malwarebytes found nothing. Can you help me clean the PC? Many thanks and regards
28.01.2013, 13:18 | #2
/// Malware-holic
Hi, was the PC locked? Please send us spam mails in future; how to do that is described in my signature. Please warn friends, acquaintances, colleagues etc. about spam with flight confirmations, invoices, payment reminders and direct mailings. They can be fakes, especially when spelling or wording errors can be found in them. Anyone who receives such or a similar spam mail should forward it to us, so give them my mail address. Each of these friends, acquaintances etc. should warn their own friends, acquaintances etc. and give them our address. Anyone who uses social networks should post the warning together with our address there, with a request to share the post. If you get more, by all means send them over!
28.01.2013, 18:58 | #3
Hello, unfortunately we no longer have the mail; my wife deleted it right away. The PC is not locked. So far I have not seen any encryption or anything else. Everything is running normally. I have the following logfiles:
OTL Logfile:
Code:
OTL logfile created on: 1/27/2013 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\marijke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.29% Memory free
7.73 Gb Paging File | 6.07 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.14 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 264.01 Gb Free Space | 99.01% Space Free | Partition Type: NTFS

Computer Name: MARIJKE-PC | User Name: marijke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 21:34:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marijke\Downloads\OTL.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/19 11:45:05 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/08 18:12:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 19:39:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/10 19:39:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/03/20 23:23:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/08 08:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/19 11:45:05 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/01/19 11:45:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/10 19:39:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/10 19:39:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/10 19:39:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/10 19:39:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/10 20:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 19:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/09/28 02:17:43 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{73F4BC34-40C8-4C4B-B8F5-A5A42037DB4A}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/20 23:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 11:45:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 11:45:02 | 000,000,000 | ---D | M]

[2011/04/26 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\Extensions
[2012/11/24 01:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\Firefox\Profiles\g5vsxj7g.default\extensions
[2012/02/09 22:44:07 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/11/13 22:01:21 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012/07/07 11:29:23 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2012/11/24 01:02:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/19 11:45:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/26 21:16:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 05:11:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/26 21:16:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/26 21:16:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/04/27 21:58:55 | 000,001,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/26 21:16:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/26 21:16:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\marijke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{498325C2-6FD4-44A8-AA57-C816289ADE0A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/27 20:42:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/27 20:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/24 10:45:25 | 000,000,000 | ---D | C] -- C:\Users\marijke\AppData\Local\Programs
[2013/01/19 11:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/27 21:34:11 | 000,000,000 | ---- | M] () -- C:\Users\marijke\defogger_reenable
[2013/01/27 21:13:15 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/27 21:13:15 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/01/27 21:13:15 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/27 21:13:15 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/01/27 21:13:15 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/27 19:55:38 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 19:55:38 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 19:47:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/27 19:47:38 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 14:30:42 | 000,001,053 | ---- | M] () -- C:\Users\marijke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/26 14:30:29 | 000,001,025 | ---- | M] () -- C:\Users\marijke\Desktop\Dropbox.lnk
[2013/01/11 10:11:22 | 000,277,680 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/03 10:28:07 | 000,052,311 | ---- | M] () -- C:\Users\marijke\Documents\rechnung kfz rokko.pdf

========== Files Created - No Company Name ==========

[2013/01/27 21:34:11 | 000,000,000 | ---- | C] () -- C:\Users\marijke\defogger_reenable
[2013/01/03 10:28:07 | 000,052,311 | ---- | C] () -- C:\Users\marijke\Documents\rechnung kfz rokko.pdf
[2012/03/31 09:52:57 | 000,000,908 | ---- | C] () -- C:\windows\wiso.ini
[2011/04/28 09:34:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/21 09:37:07 | 001,527,912 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/19 13:06:35 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/05 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Belastingdienst
[2012/03/31 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Buhl Data Service
[2013/01/27 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Dropbox
[2011/09/08 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\FreeFLVConverter
[2012/01/11 00:28:20 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\ICAClient
[2011/09/12 11:10:19 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Orbit
[2011/09/08 13:38:54 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\ProgSense
[2011/06/02 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Radmin
[2013/01/27 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\SoftGrid Client
[2011/04/21 09:38:20 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\TP

========== Purity Check ==========

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 1/27/2013 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marijke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.29% Memory free
7.73 Gb Paging File | 6.07 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.14 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 264.01 Gb Free Space | 99.01% Space Free | Partition Type: NTFS

Computer Name: MARIJKE-PC | User Name: marijke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system |
"{08F155A7-B157-4087-8DA2-0574F578633E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{34A9EC7C-B14A-48B2-91CC-86987F678608}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C4DBCAB-9BAC-41D7-A942-BD1582A4F9F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5DDAAD7A-E48F-417D-9556-55B487405711}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69585953-D3DA-40C3-9FF3-BC2F1E7F9395}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{78847971-13E1-4498-8D66-46048E0B321D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7D46C081-EE4C-47E5-B768-A936FAB6B296}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{821CAF31-5E24-4F06-A11B-640A36CF7790}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{853DE4DE-937C-4EC9-837D-E5A76BEACE6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system |
"{D0FC9B96-95F1-44CC-9CDA-E57C2C72C188}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9E516C7-FEA7-4E25-935B-6DCEDBA11301}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F572339A-9FEE-47D4-ABA5-9BAD800C56FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FB2D05C7-94C8-4443-8311-E92A82992178}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{1643874B-7FC9-4977-AEE5-E62B8869F6DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{164878DB-CE67-49F0-98FE-7080FAE0985A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{204C93D5-E461-48B2-858C-02F1E9B3C9C9}" = protocol=6 | dir=out | app=system |
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{373277FC-1F17-421C-839C-8AFDAE5634C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{59A44EBE-6109-4507-B73C-E37290341B75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5A85BD03-0DC5-4F27-8EBF-3637D4B07201}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C270682-6AB3-4BC9-90B0-75A57B49332D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7079E61F-8ACD-42FB-8A9D-730AA8CE67A9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{70B228C3-FC7A-4F43-A471-37D9490D9334}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8C535ED5-7FE8-4AF2-A924-4E38313EF381}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92093D6A-87FA-43BC-8470-F947BC03B480}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A273E8B-70E0-406E-AB84-6D935747A455}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7A38D60-2EBB-4D95-A434-856B9A905B86}" = protocol=6 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe |
"{A8916D8D-F609-40D8-BAF7-27C4AF71F10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8A8D3AF-1AE2-4E16-B58B-67DFE38A2B6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EE267265-DB67-4D5F-B65F-249D07A7374C}" = protocol=17 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe |
"{EE5C6888-9A1A-41C6-83B1-9E38C4D0A8B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F67101E5-4E19-4E8B-A9AD-FC7EC41CDBDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9B042C5-0303-4F4A-B9DB-86A0465CC18E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA25ACA3-F742-4CBD-87A6-04FAD0FFCF6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{41F91FA3-E565-47C9-8372-D04A69C69903}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{4BB767B6-B81F-4D8C-8C22-1FED204F622D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{52BCDBEF-AAA2-442A-88E0-F7E0BFC77926}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{8533A807-0D6F-4CC9-80D2-5E67AB41E32A}D:\jens ordner\spiele\anno1701.exe" = protocol=6 | dir=in | app=d:\jens ordner\spiele\anno1701.exe |
"TCP Query User{E195E189-E006-48E4-8AB7-D5B38201BE03}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{E2F4986E-D483-40FF-9430-28B72BA3EA6E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{FAA76525-0529-43FB-991F-D7B2C119A3AF}C:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3B8E5D49-A2C1-4A95-B8B7-A4105CDA284D}C:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4A9AAF2F-3AF8-4B0A-811D-602EB41CE897}D:\jens ordner\spiele\anno1701.exe" = protocol=17 | dir=in | app=d:\jens ordner\spiele\anno1701.exe |
"UDP Query User{57F9C29F-D671-4BA5-A368-64DC027F61E6}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{59FC6236-6D9F-4DCE-B02B-C96C37B8B83C}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{5B01301A-9E41-4FE5-A47B-3C6E51D3A10D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{5B328530-8BA3-4E72-9518-35975F7CAA24}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{DCB6AD5E-94C4-4494-8B70-C8CA13920F7E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix Online Plug-in (Web)
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix Online Plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix Online Plug-in (DV)
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix Online Plug-in (HDX)
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"2476-8030-0924-5048" = Miniplan 3.1.5
"Aangifte voor buitenlandse belastingplichtigen 2011" = Aangifte voor buitenlandse belastingplichtigen 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Free FLV Converter_is1" = Free FLV Converter V 7.0.0
"Huur- en zorgtoeslag 2011" = Huur- en zorgtoeslag 2011
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.4.0
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2012 2:43:21 PM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 8/14/2012 3:36:58 PM | Computer Name = marijke-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2012 3:36:58 PM | Computer Name = marijke-PC | Source = System Restore | ID = 8211
Description =

Error - 8/16/2012 3:40:45 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 8/16/2012 6:54:39 AM | Computer Name = marijke-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 8/23/2012 2:18:22 PM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 8/28/2012 10:20:38 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 8/30/2012 9:12:55 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 9/8/2012 7:13:37 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 9/13/2012 3:02:16 AM | Computer Name = marijke-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 124c Startzeit: 01cd917c8f5add70 Endzeit: 310 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: d7c23092-fd70-11e1-97fe-002454cda343

[ System Events ]
Error - 11/24/2012 4:08:29 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 11/24/2012 4:08:36 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11/24/2012 4:08:42 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11/24/2012 4:08:49 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11/24/2012 4:08:58 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11/24/2012 4:09:15 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 1/1/2013 9:09:58 AM | Computer Name = marijke-PC | Source = DCOM | ID = 10010
Description =

Error - 1/26/2013 9:26:07 AM | Computer Name = marijke-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 1/26/2013 9:26:10 AM | Computer Name = marijke-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 1/26/2013 9:26:10 AM | Computer Name = marijke-PC | Source = DCOM | ID = 10005
Description =


< End of report >
|
28.01.2013, 19:07 | #4 |
| TR/Matsnu.EB.98 in C:\Users\marijke\Downloads\Daten_23.01.2013.zip We will warn everyone and pass on your address. I read on some page here that these logfiles should be created and posted. Correct? I also have the following: Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-27 22:09:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\marijke\AppData\Local\Temp\afdiifod.sys

---- User code sections - GMER 2.0 ----

.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17  0000000076841401 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17  0000000076841419 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17  0000000076841431 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42  000000007684144a 2 bytes [84, 76]
.text  ...  * 9
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17  00000000768414dd 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17  00000000768414f5 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17  000000007684150d 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17  0000000076841525 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17  000000007684153d 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!EnumProcesses + 17  0000000076841555 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17  000000007684156d 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17  0000000076841585 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17  000000007684159d 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17  00000000768415b5 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17  00000000768415cd 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20  00000000768416b2 2 bytes [84, 76]
.text  C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672]  C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31  00000000768416bd 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076841401 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076841419 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076841431 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007684144a 2 bytes [84, 76]
.text  ...  * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000768414dd 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000768414f5 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007684150d 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076841525 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007684153d 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076841555 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007684156d 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076841585 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007684159d 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000768415b5 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000768415cd 2 bytes [84, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476]  C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000768416b2 2 bytes [84, 76]
.text  C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes [84, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] 
C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002da45984 4 bytes [DB, 56, 18, F6] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076841401 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] 
C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076841419 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076841431 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007684144a 2 bytes [84, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768414dd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768414f5 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007684150d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076841525 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007684153d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076841555 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007684156d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076841585 2 bytes [84, 76] .text C:\Program Files (x86)\Common 
Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007684159d 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768415b5 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768415cd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768416b2 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768416bd 2 bytes [84, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 5 bytes JMP 00000001721f5f49 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryObject 0000000077c1f9d8 5 bytes JMP 00000001721f6411 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077c1fa08 5 bytes JMP 00000001721f016d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077c1fa20 5 bytes JMP 00000001721efbca .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077c1fa70 5 bytes JMP 00000001721efa44 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] 
C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077c1fa88 2 bytes JMP 00000001721efb52 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3 0000000077c1fa8b 2 bytes [5D, FA] .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077c1fb20 5 bytes JMP 00000001721f0424 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077c1fc18 5 bytes JMP 00000001721f4369 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077c1fd2c 5 bytes JMP 00000001721ef9cc .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 5 bytes JMP 00000001721f4959 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077c1fd78 5 bytes JMP 00000001721f39de .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077c1fe24 5 bytes JMP 00000001721f5fc4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077c1fe3c 5 bytes JMP 00000001721f4adb .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 5 bytes JMP 00000001721f4791 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey 
0000000077c201a4 5 bytes JMP 00000001721efc42 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077c209c4 5 bytes JMP 00000001721f4584 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077c209dc 5 bytes JMP 00000001721ecc5b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077c20a24 5 bytes JMP 00000001721ecd29 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077c20b60 5 bytes JMP 00000001721eccc2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077c20f50 5 bytes JMP 00000001721efcba .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c20f68 5 bytes JMP 00000001721eff45 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077c20ff8 5 bytes JMP 00000001721f01fd .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077c2131c 5 bytes JMP 00000001721f4b6b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077c2145c 5 bytes JMP 00000001721efec9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077c21508 5 bytes 
JMP 00000001721f6389 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077c216f8 1 byte JMP 00000001721ed138 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtRenameKey + 2 0000000077c216fa 3 bytes {JMP 0xfffffffffa5cba40} .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077c21a38 5 bytes JMP 00000001721efacc .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077c21b7c 5 bytes JMP 00000001721f616c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000075d3103d 5 bytes JMP 00000001721c93a9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000075d31072 5 bytes JMP 00000001721c94e7 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075d5c9b5 5 bytes JMP 00000001721c971d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000075db00c3 5 bytes JMP 00000001721c9efe .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA 0000000075db016b 5 bytes JMP 00000001721ca231 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!WinExec 0000000075db2c91 5 bytes JMP 00000001721c9aa0 .text 
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!AllocConsole 0000000075dd6b3e 5 bytes JMP 00000001721f7431 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!AttachConsole 0000000075dd6c02 5 bytes JMP 00000001721f7443 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757d2aa4 5 bytes JMP 00000001721ca43c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000765b8a29 5 bytes JMP 00000001721f7419 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000765bd22e 5 bytes JMP 00000001721f7401 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\GDI32.dll!AddFontResourceW 000000007692d2b2 5 bytes JMP 00000001721d7617 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\GDI32.dll!AddFontResourceA 000000007692d7bb 5 bytes JMP 00000001721d75fb .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 00000000766a1e3a 7 bytes JMP 00000001721da3b9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 00000000766ab466 7 bytes JMP 00000001721db2da .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000766c78ff 7 bytes JMP 00000001721daa60 .text C:\Program 
Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000766c79bb 7 bytes JMP 00000001721dac11 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000766ca3e2 7 bytes JMP 00000001721db3a0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000766e2538 5 bytes JMP 00000001721c985f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000076701b94 7 bytes JMP 00000001721dab18 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000076701c31 7 bytes JMP 00000001721dacc9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000076702021 7 bytes JMP 00000001721db21c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 0000000076702104 7 bytes JMP 00000001721da470 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000076702221 5 bytes JMP 00000001721db15e .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlService 0000000076824d5c 7 bytes JMP 00000001721da1fe .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000076824dc3 7 bytes JMP 
00000001721da527 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000076824e4b 7 bytes JMP 00000001721da28a .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000076824eaf 7 bytes JMP 00000001721da31d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!StartServiceW 0000000076824f35 7 bytes JMP 00000001721da079 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!StartServiceA 000000007682508d 7 bytes JMP 00000001721da10f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000768250f4 7 bytes JMP 00000001721db02c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076825181 7 bytes JMP 00000001721db0c8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076825254 7 bytes JMP 00000001721da728 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000768253d5 7 bytes JMP 00000001721da643 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000768254c2 7 bytes JMP 00000001721da9ca .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 
00000000768255e2 7 bytes JMP 00000001721da934 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007682567c 7 bytes JMP 00000001721d9e5b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007682589f 7 bytes JMP 00000001721d9d85 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000076825a22 7 bytes JMP 00000001721da5b5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000076825a83 7 bytes JMP 00000001721dae5b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000076825b29 7 bytes JMP 00000001721dadc2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlServiceExA 0000000076825ca0 7 bytes JMP 00000001721d9535 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlServiceExW 0000000076825d8c 7 bytes JMP 00000001721d94bc .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000768263ad 7 bytes JMP 00000001721d9a83 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000768264f0 7 bytes JMP 00000001721d9b0f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000076826633 7 
bytes JMP 00000001721daf90 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 000000007682680c 7 bytes JMP 00000001721daef4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenServiceW 000000007682714b 7 bytes JMP 00000001721d9bf8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenServiceA 0000000076827245 7 bytes JMP 00000001721d9c84 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid 0000000075a5c56e 5 bytes JMP 00000001721e11c4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000075a5ea09 7 bytes JMP 00000001721e1795 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleRun 0000000075a607de 5 bytes JMP 00000001721e1650 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRegisterClassObject 0000000075a621e1 5 bytes JMP 00000001721e22c5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleUninitialize 0000000075a6eba1 6 bytes JMP 00000001721e156f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleInitialize 0000000075a6efd7 5 bytes JMP 00000001721e14ff .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetPSClsid 0000000075a726b9 5 bytes JMP 00000001721e133c .text 
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetClassObject 0000000075a854ad 5 bytes JMP 00000001721e2853 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoInitializeEx 0000000075a909ad 5 bytes JMP 00000001721e13af .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoUninitialize 0000000075a986d3 5 bytes JMP 00000001721e1431 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a99d0b 5 bytes JMP 00000001721e3b21 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075a99d4e 5 bytes JMP 00000001721e1c5c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000075abbb09 7 bytes JMP 00000001721e16c0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRevokeClassObject 0000000075adeacf 5 bytes JMP 00000001721e0c21 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000075b1340b 5 bytes JMP 00000001721e2d13 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000075b5cfd9 5 bytes JMP 00000001721e15da .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject 00000000769b279e 5 bytes JMP 00000001721e0eb4 .text C:\Program 
Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject 00000000769b3294 5 bytes JMP 00000001721e0fd5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!GetActiveObject 00000000769c8f40 5 bytes JMP 00000001721e1048 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef872741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8725f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8725674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8725e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef8727f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8726a38] C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8726ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8727b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8727ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef87278b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8724fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8725d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8727584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Avira\AntiVir 
Desktop\avguard.exe [1904:3756] 000000001000e2eb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3876] 00000000010166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3880] 00000000010166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3884] 00000000010166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3888] 0000000001012560 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3236] 000000006d578f84 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3240] 000000006d57925e Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3244] 000000006d578bd0 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3000] 000000006c096314 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3100] 000000006c09539b Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4492] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2516] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1920] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2964] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4856] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2520] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5028] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2212] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:444] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:116] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4636] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2452] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3324] 0000000071fdc724 
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2924] 0000000077c52e25 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1508] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2036] 00000000735927e1 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3252] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4236] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3092] 00000000740b32fb Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4384] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3424] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4092] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4024] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2276] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4204] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2164] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4608] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3692] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5036] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3148] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5024] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4368] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:364] 0000000077c53e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1452] 0000000074bb62ee Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:752] 0000000071fdc724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2540] 0000000071fdc724 
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3696] 0000000077c53e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1636] 0000000077c53e45 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1280] 0000000074040000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1852] 0000000072d80000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904] 0000000074000000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860] 0000000076840000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2944] 0000000076210000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet) ---- Disk sectors - GMER 2.0 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.0 ---- Code:
ATTFilter Exportierte Ereignisse: 24.01.2013 10:44 [System Scanner] Malware gefunden Die Datei 'C:\Users\marijke\Downloads\Daten_23.01.2013.zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.98' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54eaa286.qua' verschoben! |
29.01.2013, 15:44 | #5 |
/// Malware-holic | TR/Matsnu.EB.98 in C:\Users\marijke\Downloads\Daten_23.01.2013.zip hi, looks like you got lucky there. In future, still send suspicious mails to us, and warn your friends. There is still something I don't like, though. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose skip for now, post the log. Open C:, open tdsskiller-datum-version.txt, post the contents
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
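Added example, not code from this thread or from TDSSKiller itself: a small Python script that parses a TDSSKiller log of the layout posted further down in the thread (timestamp, thread id, then either "[ MD5 ] name path" or "name - ok") and does the two checks a helper otherwise does by eye: it confirms that the "Mode:" line shows SigCheck and TDLFS (the two boxes the post above asks to tick), and it lists every scanned service whose result is not "ok". The sample log is constructed; the "exampledrv" entry and the "( verdict ) - warning" line layout are assumptions, as are all function and variable names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log. The layout copies the TDSSKiller 2.8.15.0 log posted in
# this thread (timestamp, thread id, then "[ MD5 ] Name Path" or "Name - status").
# The last two lines (driver "exampledrv" and the "( verdict ) - warning" form)
# are invented for illustration and are not from the thread.
SAMPLE_LOG = r"""
22:24:08.0829 0604 Scan started
22:24:08.0829 0604 Mode: Manual; SigCheck; TDLFS;
22:24:09.0079 0604 System memory - ok
22:24:09.0297 0604 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:24:09.0406 0604 1394ohci - ok
22:24:09.0469 0604 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:24:09.0516 0604 ACPI - ok
22:24:16.0302 0604 COMSysApp - ok
22:24:30.0001 0604 [ 00000000000000000000000000000000 ] exampledrv C:\windows\system32\DRIVERS\exampledrv.sys
22:24:30.0002 0604 exampledrv ( UnsignedFile.Multi.Generic ) - warning
"""

# Every log line starts with "HH:MM:SS.mmmm <thread id>", then the message body.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d{4})\s+(.*)$")
# "[ <32 hex MD5> ] <service name> <image path>" (path may contain spaces).
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+) (.+)$")
# "<service name> - ok" or "<service name> ( <verdict> ) - <status>" (verdict form assumed).
STATUS_RE = re.compile(r"^(\S+)(?: \( (.+?) \))? - (\w+)$")

# The two options the helper asked to enable, as they appear in the "Mode:" line.
REQUIRED_MODES = ("SigCheck", "TDLFS")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # None when the log recorded no file hash (e.g. COMSysApp)
    path: Optional[str] = None
    status: Optional[str] = None   # "ok", or whatever the tool reported instead
    verdict: Optional[str] = None  # text in parentheses on the status line, if any


def parse_tdsskiller_log(text: str) -> Tuple[Optional[str], List[ScanEntry]]:
    """Return the scan mode string and one ScanEntry per service, in log order."""
    entries = {}  # name -> ScanEntry; dict keeps insertion order
    mode = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if body.startswith("Mode:"):
            mode = body[len("Mode:"):].strip()
            continue
        h = HASH_RE.match(body)
        if h:
            md5, name, path = h.groups()
            entries[name] = ScanEntry(name=name, md5=md5.upper(), path=path)
            continue
        s = STATUS_RE.match(body)
        if s:
            name, verdict, status = s.groups()
            entry = entries.setdefault(name, ScanEntry(name=name))
            entry.status, entry.verdict = status, verdict
    return mode, list(entries.values())


def missing_options(mode: Optional[str]) -> List[str]:
    """Requested scan options that the 'Mode:' line does not show (empty list = all set)."""
    flags = {part.strip() for part in (mode or "").split(";") if part.strip()}
    return [opt for opt in REQUIRED_MODES if opt not in flags]


def entries_needing_attention(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Services whose result line is anything other than '- ok'."""
    return [e for e in entries if e.status != "ok"]


def report(text: str) -> List[str]:
    """Human-readable summary lines for a log, for pasting into a reply."""
    mode, entries = parse_tdsskiller_log(text)
    lines = [f"services scanned: {len(entries)}"]
    missing = missing_options(mode)
    lines.append("scan options ok" if not missing else f"missing options: {', '.join(missing)}")
    for e in entries_needing_attention(entries):
        lines.append(f"ATTENTION {e.name}: {e.status} ({e.verdict}) {e.path} md5={e.md5}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a saved log by passing the file contents to `report()`; the MD5 column gives you a value to look up independently for any entry that is not "ok", and a log without both SigCheck and TDLFS in its Mode line means the scan has to be repeated with the options ticked.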
29.01.2013, 22:27 | #6 |
| TR/Matsnu.EB.98 in C:\Users\marijke\Downloads\Daten_23.01.2013.zip Unfortunately I only became aware of your board after we got the trojan. What you do is brilliant. So, here is the tdsskiller log: Code:
ATTFilter 22:22:22.0525 2460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 22:22:22.0681 2460 ============================================================ 22:22:22.0681 2460 Current date / time: 2013/01/29 22:22:22.0681 22:22:22.0681 2460 SystemInfo: 22:22:22.0681 2460 22:22:22.0681 2460 OS Version: 6.1.7601 ServicePack: 1.0 22:22:22.0681 2460 Product type: Workstation 22:22:22.0681 2460 ComputerName: MARIJKE-PC 22:22:22.0681 2460 UserName: marijke 22:22:22.0681 2460 Windows directory: C:\windows 22:22:22.0681 2460 System windows directory: C:\windows 22:22:22.0681 2460 Running under WOW64 22:22:22.0681 2460 Processor architecture: Intel x64 22:22:22.0681 2460 Number of processors: 4 22:22:22.0681 2460 Page size: 0x1000 22:22:22.0681 2460 Boot type: Normal boot 22:22:22.0681 2460 ============================================================ 22:22:23.0430 2460 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:22:23.0430 2460 ============================================================ 22:22:23.0430 2460 \Device\Harddisk0\DR0: 22:22:23.0430 2460 MBR partitions: 22:22:23.0430 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000 22:22:23.0430 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000 22:22:23.0445 2460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800 22:22:23.0445 2460 ============================================================ 22:22:23.0477 2460 C: <-> \Device\Harddisk0\DR0\Partition2 22:22:23.0508 2460 D: <-> \Device\Harddisk0\DR0\Partition3 22:22:23.0508 2460 ============================================================ 22:22:23.0508 2460 Initialize success 22:22:23.0508 2460 ============================================================ 22:24:08.0829 0604 
============================================================ 22:24:08.0829 0604 Scan started 22:24:08.0829 0604 Mode: Manual; SigCheck; TDLFS; 22:24:08.0829 0604 ============================================================ 22:24:09.0079 0604 ================ Scan system memory ======================== 22:24:09.0079 0604 System memory - ok 22:24:09.0079 0604 ================ Scan services ============================= 22:24:09.0297 0604 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 22:24:09.0406 0604 1394ohci - ok 22:24:09.0469 0604 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 22:24:09.0516 0604 ACPI - ok 22:24:09.0562 0604 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 22:24:09.0609 0604 AcpiPmi - ok 22:24:09.0718 0604 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:24:09.0750 0604 AdobeARMservice - ok 22:24:09.0828 0604 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 22:24:09.0874 0604 adp94xx - ok 22:24:09.0890 0604 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 22:24:09.0937 0604 adpahci - ok 22:24:09.0952 0604 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 22:24:09.0984 0604 adpu320 - ok 22:24:10.0015 0604 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 22:24:10.0140 0604 AeLookupSvc - ok 22:24:10.0202 0604 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 22:24:10.0249 0604 AFD - ok 22:24:10.0296 0604 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 22:24:10.0327 0604 agp440 - ok 22:24:10.0358 0604 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 22:24:10.0436 0604 ALG - ok 22:24:10.0483 0604 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
C:\windows\system32\drivers\aliide.sys 22:24:10.0514 0604 aliide - ok 22:24:10.0530 0604 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 22:24:10.0545 0604 amdide - ok 22:24:10.0592 0604 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 22:24:10.0623 0604 AmdK8 - ok 22:24:10.0639 0604 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 22:24:10.0701 0604 AmdPPM - ok 22:24:10.0748 0604 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 22:24:10.0779 0604 amdsata - ok 22:24:10.0810 0604 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 22:24:10.0857 0604 amdsbs - ok 22:24:10.0873 0604 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 22:24:10.0904 0604 amdxata - ok 22:24:11.0013 0604 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:24:11.0029 0604 AntiVirSchedulerService - ok 22:24:11.0076 0604 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:24:11.0107 0604 AntiVirService - ok 22:24:11.0138 0604 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 22:24:11.0263 0604 AppID - ok 22:24:11.0278 0604 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 22:24:11.0388 0604 AppIDSvc - ok 22:24:11.0434 0604 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 22:24:11.0512 0604 Appinfo - ok 22:24:11.0544 0604 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys 22:24:11.0575 0604 arc - ok 22:24:11.0590 0604 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 22:24:11.0622 0604 arcsas - ok 22:24:11.0653 0604 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 22:24:11.0746 0604 
AsyncMac - ok 22:24:11.0793 0604 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 22:24:11.0824 0604 atapi - ok 22:24:11.0902 0604 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\windows\system32\DRIVERS\athrx.sys 22:24:12.0027 0604 athr - ok 22:24:12.0090 0604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 22:24:12.0168 0604 AudioEndpointBuilder - ok 22:24:12.0183 0604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 22:24:12.0277 0604 AudioSrv - ok 22:24:12.0370 0604 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 22:24:12.0402 0604 avgntflt - ok 22:24:12.0480 0604 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 22:24:12.0511 0604 avipbb - ok 22:24:12.0573 0604 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 22:24:12.0604 0604 avkmgr - ok 22:24:12.0636 0604 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 22:24:12.0745 0604 AxInstSV - ok 22:24:12.0792 0604 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 22:24:12.0870 0604 b06bdrv - ok 22:24:12.0916 0604 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 22:24:12.0979 0604 b57nd60a - ok 22:24:13.0041 0604 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 22:24:13.0104 0604 BDESVC - ok 22:24:13.0135 0604 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 22:24:13.0228 0604 Beep - ok 22:24:13.0306 0604 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 22:24:13.0416 0604 BFE - ok 22:24:13.0462 0604 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 22:24:13.0603 0604 BITS - ok 22:24:13.0634 0604 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 22:24:13.0681 0604 blbdrive - ok 
22:24:13.0728 0604 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 22:24:13.0759 0604 bowser - ok 22:24:13.0790 0604 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 22:24:13.0821 0604 BrFiltLo - ok 22:24:13.0852 0604 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 22:24:13.0884 0604 BrFiltUp - ok 22:24:13.0915 0604 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 22:24:13.0977 0604 Browser - ok 22:24:14.0008 0604 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 22:24:14.0086 0604 Brserid - ok 22:24:14.0086 0604 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 22:24:14.0133 0604 BrSerWdm - ok 22:24:14.0164 0604 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 22:24:14.0227 0604 BrUsbMdm - ok 22:24:14.0242 0604 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 22:24:14.0274 0604 BrUsbSer - ok 22:24:14.0336 0604 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 22:24:14.0430 0604 BthEnum - ok 22:24:14.0461 0604 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 22:24:14.0508 0604 BTHMODEM - ok 22:24:14.0554 0604 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 22:24:14.0601 0604 BthPan - ok 22:24:14.0679 0604 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 22:24:14.0757 0604 BTHPORT - ok 22:24:14.0788 0604 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 22:24:14.0898 0604 bthserv - ok 22:24:14.0929 0604 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 22:24:14.0976 0604 BTHUSB - ok 22:24:15.0007 0604 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 
22:24:15.0100 0604 cdfs - ok 22:24:15.0147 0604 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys 22:24:15.0194 0604 cdrom - ok 22:24:15.0241 0604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 22:24:15.0350 0604 CertPropSvc - ok 22:24:15.0381 0604 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys 22:24:15.0444 0604 circlass - ok 22:24:15.0475 0604 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 22:24:15.0522 0604 CLFS - ok 22:24:15.0584 0604 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:24:15.0600 0604 clr_optimization_v2.0.50727_32 - ok 22:24:15.0678 0604 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:24:15.0693 0604 clr_optimization_v2.0.50727_64 - ok 22:24:15.0771 0604 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:24:15.0818 0604 clr_optimization_v4.0.30319_32 - ok 22:24:15.0849 0604 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:24:15.0880 0604 clr_optimization_v4.0.30319_64 - ok 22:24:15.0912 0604 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 22:24:15.0958 0604 CmBatt - ok 22:24:15.0990 0604 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 22:24:16.0005 0604 cmdide - ok 22:24:16.0068 0604 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 22:24:16.0114 0604 CNG - ok 22:24:16.0177 0604 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 22:24:16.0208 0604 Compbatt - ok 22:24:16.0255 0604 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus 
C:\windows\system32\drivers\CompositeBus.sys 22:24:16.0286 0604 CompositeBus - ok 22:24:16.0302 0604 COMSysApp - ok 22:24:16.0333 0604 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 22:24:16.0364 0604 crcdisk - ok 22:24:16.0411 0604 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 22:24:16.0458 0604 CryptSvc - ok 22:24:16.0520 0604 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\windows\system32\DRIVERS\ctxusbm.sys 22:24:16.0551 0604 ctxusbm - ok 22:24:16.0660 0604 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:24:16.0723 0604 cvhsvc - ok 22:24:16.0770 0604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 22:24:16.0879 0604 DcomLaunch - ok 22:24:16.0910 0604 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 22:24:16.0988 0604 defragsvc - ok 22:24:17.0035 0604 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 22:24:17.0128 0604 DfsC - ok 22:24:17.0175 0604 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 22:24:17.0238 0604 Dhcp - ok 22:24:17.0269 0604 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 22:24:17.0362 0604 discache - ok 22:24:17.0409 0604 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 22:24:17.0440 0604 Disk - ok 22:24:17.0472 0604 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 22:24:17.0534 0604 Dnscache - ok 22:24:17.0581 0604 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 22:24:17.0690 0604 dot3svc - ok 22:24:17.0721 0604 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 22:24:17.0799 0604 DPS - ok 22:24:17.0846 0604 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 22:24:17.0877 0604 drmkaud - ok 
22:24:17.0924 0604 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 22:24:18.0002 0604 DXGKrnl - ok 22:24:18.0033 0604 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 22:24:18.0142 0604 EapHost - ok 22:24:18.0236 0604 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 22:24:18.0423 0604 ebdrv - ok 22:24:18.0470 0604 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 22:24:18.0517 0604 EFS - ok 22:24:18.0595 0604 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 22:24:18.0688 0604 ehRecvr - ok 22:24:18.0720 0604 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 22:24:18.0766 0604 ehSched - ok 22:24:18.0829 0604 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 22:24:18.0876 0604 elxstor - ok 22:24:18.0907 0604 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 22:24:18.0954 0604 ErrDev - ok 22:24:19.0016 0604 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 22:24:19.0141 0604 EventSystem - ok 22:24:19.0156 0604 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 22:24:19.0250 0604 exfat - ok 22:24:19.0297 0604 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 22:24:19.0375 0604 fastfat - ok 22:24:19.0437 0604 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 22:24:19.0531 0604 Fax - ok 22:24:19.0562 0604 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 22:24:19.0578 0604 fdc - ok 22:24:19.0624 0604 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 22:24:19.0702 0604 fdPHost - ok 22:24:19.0734 0604 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 22:24:19.0812 0604 FDResPub - ok 22:24:19.0858 0604 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo 
C:\windows\system32\drivers\fileinfo.sys 22:24:19.0890 0604 FileInfo - ok 22:24:19.0905 0604 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 22:24:20.0014 0604 Filetrace - ok 22:24:20.0046 0604 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 22:24:20.0077 0604 flpydisk - ok 22:24:20.0108 0604 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 22:24:20.0139 0604 FltMgr - ok 22:24:20.0170 0604 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 22:24:20.0264 0604 FontCache - ok 22:24:20.0326 0604 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:24:20.0342 0604 FontCache3.0.0.0 - ok 22:24:20.0389 0604 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 22:24:20.0420 0604 FsDepends - ok 22:24:20.0467 0604 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 22:24:20.0498 0604 fssfltr - ok 22:24:20.0576 0604 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 22:24:20.0623 0604 fsssvc - ok 22:24:20.0670 0604 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 22:24:20.0701 0604 Fs_Rec - ok 22:24:20.0763 0604 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 22:24:20.0810 0604 fvevol - ok 22:24:20.0872 0604 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 22:24:20.0888 0604 gagp30kx - ok 22:24:20.0935 0604 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 22:24:21.0028 0604 gpsvc - ok 22:24:21.0044 0604 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 22:24:21.0106 0604 hcw85cir - ok 22:24:21.0153 0604 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService 
C:\windows\system32\drivers\HdAudio.sys 22:24:21.0216 0604 HdAudAddService - ok 22:24:21.0262 0604 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 22:24:21.0309 0604 HDAudBus - ok 22:24:21.0325 0604 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 22:24:21.0356 0604 HidBatt - ok 22:24:21.0372 0604 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 22:24:21.0418 0604 HidBth - ok 22:24:21.0450 0604 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 22:24:21.0481 0604 HidIr - ok 22:24:21.0496 0604 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 22:24:21.0590 0604 hidserv - ok 22:24:21.0652 0604 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 22:24:21.0684 0604 HidUsb - ok 22:24:21.0730 0604 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 22:24:21.0840 0604 hkmsvc - ok 22:24:21.0886 0604 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 22:24:21.0933 0604 HomeGroupListener - ok 22:24:21.0949 0604 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 22:24:21.0980 0604 HomeGroupProvider - ok 22:24:22.0027 0604 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 22:24:22.0042 0604 HpSAMD - ok 22:24:22.0074 0604 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 22:24:22.0183 0604 HTTP - ok 22:24:22.0214 0604 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 22:24:22.0245 0604 hwpolicy - ok 22:24:22.0292 0604 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 22:24:22.0308 0604 i8042prt - ok 22:24:22.0339 0604 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 22:24:22.0370 0604 iaStor - ok 22:24:22.0417 0604 [ 
AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 22:24:22.0464 0604 iaStorV - ok 22:24:22.0526 0604 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:24:22.0588 0604 idsvc - ok 22:24:22.0776 0604 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 22:24:23.0010 0604 igfx - ok 22:24:23.0041 0604 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 22:24:23.0072 0604 iirsp - ok 22:24:23.0119 0604 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 22:24:23.0244 0604 IKEEXT - ok 22:24:23.0275 0604 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 22:24:23.0322 0604 Impcd - ok 22:24:23.0431 0604 [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 22:24:23.0540 0604 IntcAzAudAddService - ok 22:24:23.0587 0604 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 22:24:23.0618 0604 intelide - ok 22:24:23.0649 0604 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 22:24:23.0696 0604 intelppm - ok 22:24:23.0743 0604 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 22:24:23.0852 0604 IPBusEnum - ok 22:24:23.0883 0604 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 22:24:23.0992 0604 IpFilterDriver - ok 22:24:24.0039 0604 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 22:24:24.0102 0604 iphlpsvc - ok 22:24:24.0133 0604 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 22:24:24.0180 0604 IPMIDRV - ok 22:24:24.0211 0604 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 22:24:24.0304 0604 IPNAT - ok 22:24:24.0320 0604 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM 
C:\windows\system32\drivers\irenum.sys 22:24:24.0367 0604 IRENUM - ok 22:24:24.0398 0604 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 22:24:24.0429 0604 isapnp - ok 22:24:24.0460 0604 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 22:24:24.0507 0604 iScsiPrt - ok 22:24:24.0523 0604 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 22:24:24.0554 0604 kbdclass - ok 22:24:24.0585 0604 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 22:24:24.0616 0604 kbdhid - ok 22:24:24.0632 0604 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 22:24:24.0648 0604 KeyIso - ok 22:24:24.0679 0604 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 22:24:24.0710 0604 KSecDD - ok 22:24:24.0726 0604 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 22:24:24.0757 0604 KSecPkg - ok 22:24:24.0804 0604 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 22:24:24.0897 0604 ksthunk - ok 22:24:24.0913 0604 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 22:24:25.0006 0604 KtmRm - ok 22:24:25.0038 0604 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 22:24:25.0147 0604 LanmanServer - ok 22:24:25.0194 0604 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 22:24:25.0287 0604 LanmanWorkstation - ok 22:24:25.0318 0604 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 22:24:25.0412 0604 lltdio - ok 22:24:25.0443 0604 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 22:24:25.0537 0604 lltdsvc - ok 22:24:25.0568 0604 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 22:24:25.0630 0604 lmhosts - ok 22:24:25.0693 0604 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] 
LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 22:24:25.0708 0604 LSI_FC - ok 22:24:25.0724 0604 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 22:24:25.0755 0604 LSI_SAS - ok 22:24:25.0771 0604 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 22:24:25.0802 0604 LSI_SAS2 - ok 22:24:25.0818 0604 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 22:24:25.0833 0604 LSI_SCSI - ok 22:24:25.0849 0604 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 22:24:25.0942 0604 luafv - ok 22:24:26.0005 0604 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 22:24:26.0036 0604 Mcx2Svc - ok 22:24:26.0052 0604 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 22:24:26.0067 0604 megasas - ok 22:24:26.0083 0604 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 22:24:26.0130 0604 MegaSR - ok 22:24:26.0145 0604 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 22:24:26.0254 0604 MMCSS - ok 22:24:26.0270 0604 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 22:24:26.0332 0604 Modem - ok 22:24:26.0364 0604 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 22:24:26.0410 0604 monitor - ok 22:24:26.0442 0604 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 22:24:26.0473 0604 mouclass - ok 22:24:26.0504 0604 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 22:24:26.0535 0604 mouhid - ok 22:24:26.0566 0604 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 22:24:26.0598 0604 mountmgr - ok 22:24:26.0676 0604 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:24:26.0707 0604 
MozillaMaintenance - ok 22:24:26.0785 0604 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 22:24:26.0816 0604 mpio - ok 22:24:26.0847 0604 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 22:24:26.0910 0604 mpsdrv - ok 22:24:26.0972 0604 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 22:24:27.0097 0604 MpsSvc - ok 22:24:27.0128 0604 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 22:24:27.0175 0604 MRxDAV - ok 22:24:27.0206 0604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 22:24:27.0237 0604 mrxsmb - ok 22:24:27.0268 0604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 22:24:27.0315 0604 mrxsmb10 - ok 22:24:27.0331 0604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 22:24:27.0362 0604 mrxsmb20 - ok 22:24:27.0393 0604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 22:24:27.0424 0604 msahci - ok 22:24:27.0440 0604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 22:24:27.0487 0604 msdsm - ok 22:24:27.0502 0604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 22:24:27.0534 0604 MSDTC - ok 22:24:27.0580 0604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 22:24:27.0690 0604 Msfs - ok 22:24:27.0705 0604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 22:24:27.0799 0604 mshidkmdf - ok 22:24:27.0830 0604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 22:24:27.0861 0604 msisadrv - ok 22:24:27.0892 0604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 22:24:27.0970 0604 MSiSCSI - ok 22:24:27.0970 0604 msiserver - ok 22:24:28.0017 0604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV 
C:\windows\system32\drivers\MSKSSRV.sys 22:24:28.0095 0604 MSKSSRV - ok 22:24:28.0126 0604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 22:24:28.0204 0604 MSPCLOCK - ok 22:24:28.0220 0604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 22:24:28.0314 0604 MSPQM - ok 22:24:28.0345 0604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 22:24:28.0392 0604 MsRPC - ok 22:24:28.0423 0604 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 22:24:28.0454 0604 mssmbios - ok 22:24:28.0485 0604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 22:24:28.0579 0604 MSTEE - ok 22:24:28.0594 0604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 22:24:28.0610 0604 MTConfig - ok 22:24:28.0626 0604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 22:24:28.0657 0604 Mup - ok 22:24:28.0704 0604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 22:24:28.0797 0604 napagent - ok 22:24:28.0844 0604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 22:24:28.0875 0604 NativeWifiP - ok 22:24:28.0922 0604 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 22:24:28.0984 0604 NDIS - ok 22:24:29.0016 0604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 22:24:29.0094 0604 NdisCap - ok 22:24:29.0125 0604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 22:24:29.0218 0604 NdisTapi - ok 22:24:29.0281 0604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 22:24:29.0359 0604 Ndisuio - ok 22:24:29.0406 0604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 22:24:29.0499 0604 NdisWan - ok 22:24:29.0546 0604 [ 
015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 22:24:29.0640 0604 NDProxy - ok 22:24:29.0671 0604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 22:24:29.0764 0604 NetBIOS - ok 22:24:29.0811 0604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 22:24:29.0889 0604 NetBT - ok 22:24:29.0905 0604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 22:24:29.0936 0604 Netlogon - ok 22:24:29.0967 0604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 22:24:30.0061 0604 Netman - ok 22:24:30.0092 0604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 22:24:30.0201 0604 netprofm - ok 22:24:30.0217 0604 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:24:30.0248 0604 NetTcpPortSharing - ok 22:24:30.0295 0604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 22:24:30.0310 0604 nfrd960 - ok 22:24:30.0342 0604 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 22:24:30.0388 0604 NlaSvc - ok 22:24:30.0404 0604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 22:24:30.0482 0604 Npfs - ok 22:24:30.0513 0604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 22:24:30.0591 0604 nsi - ok 22:24:30.0607 0604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 22:24:30.0700 0604 nsiproxy - ok 22:24:30.0778 0604 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 22:24:30.0888 0604 Ntfs - ok 22:24:30.0903 0604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 22:24:31.0012 0604 Null - ok 22:24:31.0059 0604 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 22:24:31.0075 0604 NVHDA - 
ok 22:24:31.0371 0604 [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 22:24:31.0761 0604 nvlddmkm - ok 22:24:31.0792 0604 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 22:24:31.0824 0604 nvraid - ok 22:24:31.0870 0604 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 22:24:31.0902 0604 nvstor - ok 22:24:31.0964 0604 [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc C:\windows\system32\nvvsvc.exe 22:24:31.0995 0604 nvsvc - ok 22:24:32.0042 0604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 22:24:32.0058 0604 nv_agp - ok 22:24:32.0089 0604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 22:24:32.0120 0604 ohci1394 - ok 22:24:32.0198 0604 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:24:32.0229 0604 ose - ok 22:24:32.0401 0604 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:24:32.0635 0604 osppsvc - ok 22:24:32.0666 0604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 22:24:32.0728 0604 p2pimsvc - ok 22:24:32.0744 0604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 22:24:32.0791 0604 p2psvc - ok 22:24:32.0853 0604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 22:24:32.0900 0604 Parport - ok 22:24:32.0931 0604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 22:24:32.0962 0604 partmgr - ok 22:24:32.0994 0604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 22:24:33.0040 0604 PcaSvc - ok 22:24:33.0087 0604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 22:24:33.0118 0604 pci - ok 22:24:33.0165 0604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide 
C:\windows\system32\drivers\pciide.sys 22:24:33.0196 0604 pciide - ok 22:24:33.0228 0604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 22:24:33.0274 0604 pcmcia - ok 22:24:33.0290 0604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 22:24:33.0321 0604 pcw - ok 22:24:33.0352 0604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 22:24:33.0446 0604 PEAUTH - ok 22:24:33.0555 0604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 22:24:33.0602 0604 PerfHost - ok 22:24:33.0664 0604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 22:24:33.0805 0604 pla - ok 22:24:33.0852 0604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 22:24:33.0898 0604 PlugPlay - ok 22:24:33.0914 0604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 22:24:33.0945 0604 PNRPAutoReg - ok 22:24:33.0976 0604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 22:24:34.0008 0604 PNRPsvc - ok 22:24:34.0054 0604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 22:24:34.0179 0604 PolicyAgent - ok 22:24:34.0226 0604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 22:24:34.0320 0604 Power - ok 22:24:34.0382 0604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 22:24:34.0460 0604 PptpMiniport - ok 22:24:34.0491 0604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 22:24:34.0538 0604 Processor - ok 22:24:34.0569 0604 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 22:24:34.0632 0604 ProfSvc - ok 22:24:34.0663 0604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 22:24:34.0678 0604 ProtectedStorage - ok 22:24:34.0741 0604 [ 0557CF5A2556BD58E26384169D72438D ] Psched 
C:\windows\system32\DRIVERS\pacer.sys 22:24:34.0834 0604 Psched - ok 22:24:34.0897 0604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 22:24:35.0006 0604 ql2300 - ok 22:24:35.0037 0604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 22:24:35.0084 0604 ql40xx - ok 22:24:35.0115 0604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 22:24:35.0178 0604 QWAVE - ok 22:24:35.0193 0604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 22:24:35.0240 0604 QWAVEdrv - ok 22:24:35.0256 0604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 22:24:35.0334 0604 RasAcd - ok 22:24:35.0380 0604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 22:24:35.0458 0604 RasAgileVpn - ok 22:24:35.0490 0604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 22:24:35.0583 0604 RasAuto - ok 22:24:35.0614 0604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 22:24:35.0708 0604 Rasl2tp - ok 22:24:35.0755 0604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 22:24:35.0880 0604 RasMan - ok 22:24:35.0926 0604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 22:24:36.0020 0604 RasPppoe - ok 22:24:36.0036 0604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 22:24:36.0129 0604 RasSstp - ok 22:24:36.0160 0604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 22:24:36.0254 0604 rdbss - ok 22:24:36.0270 0604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 22:24:36.0301 0604 rdpbus - ok 22:24:36.0316 0604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 22:24:36.0410 0604 RDPCDD - ok 22:24:36.0426 0604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD 
C:\windows\system32\drivers\rdpencdd.sys 22:24:36.0504 0604 RDPENCDD - ok 22:24:36.0535 0604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 22:24:36.0613 0604 RDPREFMP - ok 22:24:36.0644 0604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 22:24:36.0675 0604 RDPWD - ok 22:24:36.0738 0604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 22:24:36.0769 0604 rdyboost - ok 22:24:36.0784 0604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 22:24:36.0894 0604 RemoteAccess - ok 22:24:36.0925 0604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 22:24:37.0018 0604 RemoteRegistry - ok 22:24:37.0081 0604 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe 22:24:37.0112 0604 Rezip ( UnsignedFile.Multi.Generic ) - warning 22:24:37.0112 0604 Rezip - detected UnsignedFile.Multi.Generic (1) 22:24:37.0159 0604 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 22:24:37.0221 0604 RFCOMM - ok 22:24:37.0284 0604 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 22:24:37.0299 0604 RichVideo - ok 22:24:37.0330 0604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 22:24:37.0424 0604 RpcEptMapper - ok 22:24:37.0455 0604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 22:24:37.0486 0604 RpcLocator - ok 22:24:37.0533 0604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 22:24:37.0611 0604 RpcSs - ok 22:24:37.0642 0604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 22:24:37.0720 0604 rspndr - ok 22:24:37.0752 0604 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 22:24:37.0783 0604 RTL8167 - ok 22:24:37.0861 0604 [ 4CA0DBA9E224473D664C25E411F5A3BD ] 
rtport C:\windows\SysWOW64\drivers\rtport.sys 22:24:37.0876 0604 rtport - ok 22:24:37.0923 0604 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 22:24:37.0954 0604 SABI - ok 22:24:37.0970 0604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 22:24:38.0001 0604 SamSs - ok 22:24:38.0032 0604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 22:24:38.0064 0604 sbp2port - ok 22:24:38.0095 0604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 22:24:38.0188 0604 SCardSvr - ok 22:24:38.0235 0604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 22:24:38.0329 0604 scfilter - ok 22:24:38.0391 0604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 22:24:38.0532 0604 Schedule - ok 22:24:38.0563 0604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 22:24:38.0625 0604 SCPolicySvc - ok 22:24:38.0656 0604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 22:24:38.0719 0604 SDRSVC - ok 22:24:38.0766 0604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 22:24:38.0859 0604 secdrv - ok 22:24:38.0890 0604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 22:24:38.0953 0604 seclogon - ok 22:24:39.0000 0604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 22:24:39.0093 0604 SENS - ok 22:24:39.0109 0604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 22:24:39.0187 0604 SensrSvc - ok 22:24:39.0234 0604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 22:24:39.0296 0604 Serenum - ok 22:24:39.0312 0604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 22:24:39.0358 0604 Serial - ok 22:24:39.0405 0604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse 
C:\windows\system32\DRIVERS\sermouse.sys 22:24:39.0436 0604 sermouse - ok 22:24:39.0483 0604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 22:24:39.0592 0604 SessionEnv - ok 22:24:39.0639 0604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 22:24:39.0686 0604 sffdisk - ok 22:24:39.0702 0604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 22:24:39.0733 0604 sffp_mmc - ok 22:24:39.0748 0604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 22:24:39.0795 0604 sffp_sd - ok 22:24:39.0826 0604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 22:24:39.0873 0604 sfloppy - ok 22:24:39.0936 0604 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 22:24:39.0982 0604 Sftfs - ok 22:24:40.0060 0604 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 22:24:40.0092 0604 sftlist - ok 22:24:40.0107 0604 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 22:24:40.0138 0604 Sftplay - ok 22:24:40.0170 0604 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 22:24:40.0201 0604 Sftredir - ok 22:24:40.0232 0604 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 22:24:40.0263 0604 Sftvol - ok 22:24:40.0279 0604 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 22:24:40.0310 0604 sftvsa - ok 22:24:40.0341 0604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 22:24:40.0450 0604 SharedAccess - ok 22:24:40.0497 0604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 22:24:40.0591 0604 ShellHWDetection - ok 22:24:40.0622 0604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 
C:\windows\system32\DRIVERS\SiSRaid2.sys 22:24:40.0638 0604 SiSRaid2 - ok 22:24:40.0653 0604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 22:24:40.0669 0604 SiSRaid4 - ok 22:24:40.0747 0604 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:24:40.0840 0604 SkypeUpdate - ok 22:24:40.0856 0604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 22:24:40.0950 0604 Smb - ok 22:24:40.0996 0604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 22:24:41.0043 0604 SNMPTRAP - ok 22:24:41.0074 0604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 22:24:41.0106 0604 spldr - ok 22:24:41.0137 0604 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 22:24:41.0199 0604 Spooler - ok 22:24:41.0293 0604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 22:24:41.0449 0604 sppsvc - ok 22:24:41.0480 0604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 22:24:41.0558 0604 sppuinotify - ok 22:24:41.0605 0604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 22:24:41.0652 0604 srv - ok 22:24:41.0667 0604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 22:24:41.0714 0604 srv2 - ok 22:24:41.0730 0604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 22:24:41.0761 0604 srvnet - ok 22:24:41.0792 0604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 22:24:41.0886 0604 SSDPSRV - ok 22:24:41.0901 0604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 22:24:41.0995 0604 SstpSvc - ok 22:24:42.0026 0604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 22:24:42.0042 0604 stexstor - ok 22:24:42.0104 0604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc 
C:\windows\System32\wiaservc.dll 22:24:42.0182 0604 stisvc - ok 22:24:42.0198 0604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys 22:24:42.0229 0604 swenum - ok 22:24:42.0260 0604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 22:24:42.0369 0604 swprv - ok 22:24:42.0432 0604 [ 3C80203C725C28CEA5713D1AB242880A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 22:24:42.0463 0604 SynTP - ok 22:24:42.0541 0604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 22:24:42.0650 0604 SysMain - ok 22:24:42.0681 0604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 22:24:42.0759 0604 TabletInputService - ok 22:24:42.0790 0604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 22:24:42.0915 0604 TapiSrv - ok 22:24:42.0946 0604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 22:24:43.0040 0604 TBS - ok 22:24:43.0118 0604 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 22:24:43.0258 0604 Tcpip - ok 22:24:43.0305 0604 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 22:24:43.0383 0604 TCPIP6 - ok 22:24:43.0430 0604 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 22:24:43.0461 0604 tcpipreg - ok 22:24:43.0492 0604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 22:24:43.0539 0604 TDPIPE - ok 22:24:43.0570 0604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 22:24:43.0602 0604 TDTCP - ok 22:24:43.0633 0604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 22:24:43.0726 0604 tdx - ok 22:24:43.0773 0604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys 22:24:43.0804 0604 TermDD - ok 22:24:43.0867 0604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 
22:24:43.0976 0604 TermService - ok 22:24:44.0007 0604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 22:24:44.0070 0604 Themes - ok 22:24:44.0101 0604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 22:24:44.0179 0604 THREADORDER - ok 22:24:44.0179 0604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 22:24:44.0288 0604 TrkWks - ok 22:24:44.0335 0604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 22:24:44.0413 0604 TrustedInstaller - ok 22:24:44.0444 0604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 22:24:44.0553 0604 tssecsrv - ok 22:24:44.0600 0604 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 22:24:44.0647 0604 TsUsbFlt - ok 22:24:44.0694 0604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 22:24:44.0787 0604 tunnel - ok 22:24:44.0818 0604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 22:24:44.0850 0604 uagp35 - ok 22:24:44.0881 0604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 22:24:44.0974 0604 udfs - ok 22:24:45.0006 0604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 22:24:45.0052 0604 UI0Detect - ok 22:24:45.0068 0604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 22:24:45.0084 0604 uliagpkx - ok 22:24:45.0099 0604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys 22:24:45.0130 0604 umbus - ok 22:24:45.0177 0604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 22:24:45.0224 0604 UmPass - ok 22:24:45.0271 0604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 22:24:45.0396 0604 upnphost - ok 22:24:45.0442 0604 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\windows\system32\DRIVERS\usbccgp.sys 22:24:45.0489 0604 usbccgp - ok 22:24:45.0536 0604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 22:24:45.0583 0604 usbcir - ok 22:24:45.0630 0604 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 22:24:45.0661 0604 usbehci - ok 22:24:45.0692 0604 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 22:24:45.0708 0604 usbhub - ok 22:24:45.0754 0604 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 22:24:45.0786 0604 usbohci - ok 22:24:45.0801 0604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 22:24:45.0848 0604 usbprint - ok 22:24:45.0864 0604 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 22:24:45.0926 0604 USBSTOR - ok 22:24:45.0942 0604 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 22:24:45.0957 0604 usbuhci - ok 22:24:46.0004 0604 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 22:24:46.0051 0604 usbvideo - ok 22:24:46.0082 0604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 22:24:46.0191 0604 UxSms - ok 22:24:46.0207 0604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 22:24:46.0222 0604 VaultSvc - ok 22:24:46.0254 0604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 22:24:46.0285 0604 vdrvroot - ok 22:24:46.0332 0604 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 22:24:46.0441 0604 vds - ok 22:24:46.0488 0604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 22:24:46.0519 0604 vga - ok 22:24:46.0550 0604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 22:24:46.0628 0604 VgaSave - ok 22:24:46.0659 0604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp 
C:\windows\system32\drivers\vhdmp.sys 22:24:46.0706 0604 vhdmp - ok 22:24:46.0753 0604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 22:24:46.0768 0604 viaide - ok 22:24:46.0800 0604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 22:24:46.0815 0604 volmgr - ok 22:24:46.0846 0604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 22:24:46.0909 0604 volmgrx - ok 22:24:46.0924 0604 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 22:24:46.0971 0604 volsnap - ok 22:24:47.0002 0604 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 22:24:47.0034 0604 vsmraid - ok 22:24:47.0112 0604 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 22:24:47.0268 0604 VSS - ok 22:24:47.0283 0604 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 22:24:47.0314 0604 vwifibus - ok 22:24:47.0346 0604 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 22:24:47.0408 0604 vwififlt - ok 22:24:47.0439 0604 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 22:24:47.0564 0604 W32Time - ok 22:24:47.0580 0604 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 22:24:47.0626 0604 WacomPen - ok 22:24:47.0673 0604 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 22:24:47.0751 0604 WANARP - ok 22:24:47.0782 0604 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 22:24:47.0845 0604 Wanarpv6 - ok 22:24:47.0923 0604 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 22:24:48.0032 0604 wbengine - ok 22:24:48.0063 0604 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 22:24:48.0110 0604 WbioSrvc - ok 22:24:48.0141 0604 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] 
wcncsvc C:\windows\System32\wcncsvc.dll 22:24:48.0204 0604 wcncsvc - ok 22:24:48.0204 0604 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 22:24:48.0250 0604 WcsPlugInService - ok 22:24:48.0282 0604 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys 22:24:48.0297 0604 Wd - ok 22:24:48.0344 0604 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 22:24:48.0391 0604 Wdf01000 - ok 22:24:48.0406 0604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 22:24:48.0500 0604 WdiServiceHost - ok 22:24:48.0500 0604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 22:24:48.0547 0604 WdiSystemHost - ok 22:24:48.0594 0604 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 22:24:48.0656 0604 WebClient - ok 22:24:48.0687 0604 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 22:24:48.0781 0604 Wecsvc - ok 22:24:48.0781 0604 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 22:24:48.0890 0604 wercplsupport - ok 22:24:48.0906 0604 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 22:24:49.0015 0604 WerSvc - ok 22:24:49.0030 0604 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 22:24:49.0108 0604 WfpLwf - ok 22:24:49.0124 0604 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 22:24:49.0140 0604 WIMMount - ok 22:24:49.0171 0604 WinDefend - ok 22:24:49.0171 0604 WinHttpAutoProxySvc - ok 22:24:49.0233 0604 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 22:24:49.0311 0604 Winmgmt - ok 22:24:49.0389 0604 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 22:24:49.0561 0604 WinRM - ok 22:24:49.0639 0604 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 
22:24:49.0670 0604 WinUsb - ok 22:24:49.0717 0604 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 22:24:49.0779 0604 Wlansvc - ok 22:24:49.0888 0604 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:24:50.0013 0604 wlidsvc - ok 22:24:50.0060 0604 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 22:24:50.0091 0604 WmiAcpi - ok 22:24:50.0107 0604 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 22:24:50.0154 0604 wmiApSrv - ok 22:24:50.0200 0604 WMPNetworkSvc - ok 22:24:50.0232 0604 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 22:24:50.0263 0604 WPCSvc - ok 22:24:50.0294 0604 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 22:24:50.0341 0604 WPDBusEnum - ok 22:24:50.0388 0604 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 22:24:50.0481 0604 ws2ifsl - ok 22:24:50.0512 0604 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 22:24:50.0575 0604 wscsvc - ok 22:24:50.0575 0604 WSearch - ok 22:24:50.0653 0604 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 22:24:50.0793 0604 wuauserv - ok 22:24:50.0824 0604 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 22:24:50.0871 0604 WudfPf - ok 22:24:50.0902 0604 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 22:24:50.0934 0604 WUDFRd - ok 22:24:50.0965 0604 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 22:24:51.0012 0604 wudfsvc - ok 22:24:51.0043 0604 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 22:24:51.0121 0604 WwanSvc - ok 22:24:51.0168 0604 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys 22:24:51.0214 0604 yukonw7 - ok 22:24:51.0246 0604 
================ Scan global ===============================
22:24:51.0277 0604 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:24:51.0308 0604 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
22:24:51.0339 0604 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
22:24:51.0370 0604 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:24:51.0402 0604 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:24:51.0433 0604 [Global] - ok
22:24:51.0433 0604 ================ Scan MBR ==================================
22:24:51.0448 0604 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
22:24:52.0026 0604 \Device\Harddisk0\DR0 - ok
22:24:52.0026 0604 ================ Scan VBR ==================================
22:24:52.0026 0604 [ 377D7E08FDF136635779511095F2CA43 ] \Device\Harddisk0\DR0\Partition1
22:24:52.0026 0604 \Device\Harddisk0\DR0\Partition1 - ok
22:24:52.0057 0604 [ 3069FB983A4801A399A31386BA809A9B ] \Device\Harddisk0\DR0\Partition2
22:24:52.0057 0604 \Device\Harddisk0\DR0\Partition2 - ok
22:24:52.0072 0604 [ 81A569E96B7FF1D49D02F20C43D90D96 ] \Device\Harddisk0\DR0\Partition3
22:24:52.0088 0604 \Device\Harddisk0\DR0\Partition3 - ok
22:24:52.0088 0604 ============================================================
22:24:52.0088 0604 Scan finished
22:24:52.0088 0604 ============================================================
22:24:52.0104 2380 Detected object count: 1
22:24:52.0104 2380 Actual detected object count: 1
22:25:03.0663 2380 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:03.0663 2380 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip |
31.01.2013, 14:27 | #7 |
/// Malware-holic | Please open Avira, go to Administration, Quarantine, and post all detection reports including their paths.
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.01.2013, 22:18 | #8 |
| Code:
Type: File
Source: C:\Users\marijke\Downloads\Daten_23.01.2013.zip
Status: Infected
Quarantine object: 54eaa286.qua
Restored: NO
Uploaded to Avira: YES
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.10.236
Virus definition file: 7.11.58.126
Detection: TR/Matsnu.EB.98
Date/time: 24.01.2013, 13:34 |
02.02.2013, 20:22 | #9 |
/// Malware-holic | Lucky. Avira detected the thing inside the infected zip.
Download CCleaner standard: CCleaner - Download - Filepony (if CCleaner is already installed, skip this).
Open it, Tools (Extras), Uninstall list, save as txt, then open the file. Behind each program you need, write "necessary"; behind each one you don't need, "unnecessary"; behind the ones you don't recognise, "unknown". Post the list.
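The infection in this thread came from a ZIP mail attachment whose content the antivirus only flagged after it had been opened. The script below is an added example, not code from the original post or from Avira, TDSSKiller or any other tool mentioned in the thread. It triages an attachment archive without extracting anything to disk: for each member it sniffs the real file type from the leading bytes, compares it with the claimed extension, flags double extensions such as `.pdf.exe`, path traversal in member names, and an implausible compression ratio. The extension lists, the magic-number table, the 100:1 ratio threshold and the sample archive (a fake `MZ` header, not a runnable program) are all assumptions constructed for the example.

```python
"""Triage a mail-attachment ZIP without extracting anything to disk.

Added example for this thread; not code from the original post or from
any of the tools it mentions. The sample archive below is constructed
inline so the script runs offline.
"""
import io
import os
import zipfile

# Extensions Windows runs directly on double-click (assumption: practical, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".lnk", ".ps1", ".jar"}

# Extensions that look harmless to a user and are used as the decoy half of a double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}

# File-type detection by leading bytes (magic numbers), independent of the name.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0", "ole2-office"),
    (b"\x89PNG", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]


def sniff(head: bytes) -> str:
    """Return a coarse type label for the first bytes of a file."""
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind
    return "unknown"


def triage_member(name: str, head: bytes, ratio: float) -> dict:
    """Judge one archive member from its name, its first bytes and its compression ratio."""
    normalized = name.replace("\\", "/")
    base = os.path.basename(normalized)
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    inner_ext = os.path.splitext(root)[1].lower()
    kind = sniff(head)
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    if inner_ext in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append(f"double extension {inner_ext}{ext}")
    if kind == "pe-executable" and ext not in EXECUTABLE_EXTS:
        reasons.append(f"PE header but extension {ext or '(none)'}")
    if ".." in normalized.split("/") or normalized.startswith("/"):
        reasons.append("path traversal in member name")
    if ratio > 100:  # assumed threshold; legitimate documents compress far less
        reasons.append(f"compression ratio {ratio:.0f}:1 (possible zip bomb)")
    return {"name": name, "type": kind, "reasons": reasons, "suspicious": bool(reasons)}


def triage_zip(data: bytes) -> list:
    """Read only the first 16 bytes of every member; nothing is written to disk."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as f:
                head = f.read(16)
            ratio = info.file_size / info.compress_size if info.compress_size else 0.0
            results.append(triage_member(info.filename, head, ratio))
    return results


def build_sample_zip() -> bytes:
    """Constructed sample: a decoy executable with a double extension plus a real text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Fake PE: DOS 'MZ' signature followed by padding (not a runnable program).
        zf.writestr("Daten_23.01.2013/Rechnung.pdf.exe", b"MZ" + b"\x00" * 200)
        zf.writestr("Daten_23.01.2013/Hinweis.txt", b"Bitte Rechnung pruefen.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for r in triage_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['name']:40} {r['type']:14} {'; '.join(r['reasons'])}")
```

Run it against a real attachment with `triage_zip(open(path, "rb").read())` on a machine that is not the one the mail arrived on. Sniffing the content rather than trusting the name is the point: Windows hides known extensions by default, so `Rechnung.pdf.exe` is displayed as `Rechnung.pdf`, while the `MZ` header gives the file away regardless of what it is called.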
03.02.2013, 14:28 | #10 |
| Code:
Name | Publisher | Installed | Size | Version | Assessment
Aangifte voor buitenlandse belastingplichtigen 2011 | Belastingdienst | 28.02.2012 | necessary
Adobe Flash Player 10 ActiveX | Adobe Systems Incorporated | 04.08.2010 | 10.0.42.34 | necessary
Adobe Flash Player 11 Plugin | Adobe Systems Incorporated | 29.12.2012 | 6,00MB | 11.5.502.135 | necessary
Adobe Reader XI - Deutsch | Adobe Systems Incorporated | 27.12.2012 | 127MB | 11.0.00 | necessary
Anno 1701 | Sunflowers | 31.12.2011 | 1.02 | necessary
Atheros Client Installation Program | Atheros | 04.08.2010 | 1.0.5.0621 | unknown
AudibleManager | Audible, Inc. | 27.09.2012 | 2002992366.48.56.36441322 | unknown
Avira Free Antivirus | Avira | 14.11.2012 | 108MB | 12.1.9.1236 | necessary
BatteryLifeExtender | Samsung | 04.08.2010 | 31,5MB | 1.0.5 | unknown
CCleaner | Piriform | 23.01.2013 | 3.27 | necessary
Citrix Online Plug-in - Web | Citrix Systems, Inc. | 10.01.2012 | 12.0.0.6410 | unknown
CyberLink DVD Suite | CyberLink Corp. | 04.08.2010 | 15,1MB | 6.0.2806 | unknown
CyberLink LabelPrint | CyberLink Corp. | 04.08.2010 | 163MB | 2.5.1916 | unknown
CyberLink Power2Go | CyberLink Corp. | 04.08.2010 | 120MB | 6.0.3108a | unknown
CyberLink PowerDirector | CyberLink Corp. | 04.08.2010 | 367MB | 7.0.3213 | unknown
CyberLink PowerDVD 8 | CyberLink Corp. | 04.08.2010 | 91,3MB | 8.0.2815b | unknown
CyberLink PowerProducer | CyberLink Corp. | 04.08.2010 | 297MB | 5.0.1.1812 | unknown
CyberLink YouCam | CyberLink Corp. | 19.04.2011 | 77,2MB | 2.0.3911 | unknown
dm-Fotowelt | CEWE COLOR AG u Co. OHG | 02.02.2013 | 345MB | 5.0.1 | necessary
Dropbox | Dropbox, Inc. | 26.01.2013 | 1.6.16 | necessary
Easy Display Manager | Samsung Electronics Co., Ltd. | 04.08.2010 | 3.2 | unknown
Easy Network Manager | Samsung | 04.08.2010 | 34,9MB | 4.3.3 | unknown
Easy SpeedUp Manager | Samsung Electronics Co.,Ltd. | 04.08.2010 | 3.0.0.5 | unknown
EasyBatteryManager | Samsung | 04.08.2010 | 4.0.0.4 | unknown
Free FLV Converter V 7.0.0 | Koyote Soft | 08.09.2011 | 15,9MB | 7.0.0.0 | unknown
Huur- en zorgtoeslag 2011 | Belastingdienst | 25.08.2011 | necessary
Intel(R) PROSet/Wireless WiFi Software | Intel Corporation | 04.08.2010 | 20,7MB | 13.02.0000 | unknown
Intel(R) Rapid Storage Technology | Intel Corporation | 03.02.2013 | 9.6.3.1001 | unknown
Intel(R) Turbo Boost Technology Driver | Intel Corporation | 04.08.2010 | 01.02.00.1002 | unknown
Java(TM) 6 Update 37 | Oracle | 06.10.2012 | 95,7MB | 6.0.370 | necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 | Malwarebytes Corporation | 27.01.2013 | 18,4MB | 1.70.0.1100 | necessary
Marvell Miniport Driver | Marvell | 04.08.2010 | 11.22.3.3 | unknown
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 02.05.2011 | 38,8MB | 4.0.30319 | unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 02.05.2011 | 2,93MB | 4.0.30319 | unknown
Microsoft Office 2010 | Microsoft Corporation | 04.08.2010 | 6,31MB | 14.0.4763.1000 | necessary
Microsoft Office Klick-und-Los 2010 | Microsoft Corporation | 21.04.2011 | 14.0.4763.1000 | necessary
Microsoft Office Starter 2010 - Deutsch | Microsoft Corporation | 21.04.2011 | 14.0.4763.1000 | necessary
Microsoft Silverlight | Microsoft Corporation | 12.05.2012 | 50,6MB | 5.1.10411.0 | unknown
Microsoft SQL Server 2005 Compact Edition [ENU] | Microsoft Corporation | 19.04.2011 | 1,72MB | 3.1.0000 | unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 | Microsoft Corporation | 01.05.2011 | 252KB | 8.0.50727.4053 | unknown
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 16.06.2011 | 300KB | 8.0.61001 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 | Microsoft Corporation | 30.08.2011 | 244KB | 9.0.30729 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 10.08.2011 | 594KB | 9.0.30729.4148 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 10.08.2011 | 600KB | 9.0.30729.6161 | unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Microsoft Corporation | 11.02.2012 | 16,5MB | 10.0.40219 | unknown
Miniplan 3.1.5 | LucaNet AG | 17.10.2012 | 3.1.5 | necessary
Mozilla Firefox 18.0.1 (x86 de) | Mozilla | 19.01.2013 | 46,2MB | 18.0.1 | necessary
Mozilla Maintenance Service | Mozilla | 19.01.2013 | 330KB | 18.0.1 | unknown
NVIDIA Drivers | NVIDIA Corporation | 04.08.2010 | 1.4 | necessary
Radmin Viewer 3.4 | Famatech | 02.06.2011 | 8,58MB | 3.41.0000 | unknown
RealPlayer | RealNetworks | 20.03.2012 | necessary
Realtek High Definition Audio Driver | Realtek Semiconductor Corp. | 04.08.2010 | 6.0.1.6003 | necessary
REALTEK Wireless LAN Software | REALTEK Semiconductor Corp. | 04.08.2010 | 0133.09.1202 | necessary
Samsung R-Series | Samsung | 19.04.2011 | 24,2MB | 1.0 | necessary
Samsung Recovery Solution 4 | Samsung | 04.08.2010 | 4.0.0.6 | necessary
Samsung Support Center | Samsung | 04.08.2010 | 45,8MB | 1.0.2 | necessary
Samsung Update Plus | Samsung Electronics Co., Ltd. | 04.08.2010 | 2.0 | necessary
Skype Toolbars | Skype Technologies S.A. | 04.08.2010 | 5,36MB | 1.0.4051 | unnecessary
Skype™ 6.0 | Skype Technologies S.A. | 05.12.2012 | 20,3MB | 6.0.126 | necessary
SopCast 3.4.0 | www.sopcast.com | 13.09.2011 | 3.4.0 | necessary
Synaptics Pointing Device Driver | Synaptics Incorporated | 04.08.2010 | 15.0.10.0 | unknown
User Guide | 04.08.2010 | 1.0 | unknown
VLC media player 1.1.11 | VideoLAN | 27.08.2011 | 1.1.11 | necessary
Windows Live Essentials | Microsoft Corporation | 19.04.2011 | 14.0.8117.0416 | unknown
Windows Live ID Sign-in Assistant | Microsoft Corporation | 04.08.2010 | 10,0MB | 6.500.3165.0 | unknown
Windows Live Sync | Microsoft Corporation | 19.04.2011 | 2,79MB | 14.0.8117.416 | unknown
Windows Live-Uploadtool | Microsoft Corporation | 19.04.2011 | 224KB | 14.0.8014.1029 | unknown
WISO Steuer 2011 | Buhl Data Service GmbH | 31.03.2012 | 18.00.6928 | necessary |
04.02.2013, 11:11 | #11 |
/// Malware-holic | Uninstall: Adobe Flash Player (all versions).
Adobe - Adobe Flash Player installieren: download the newest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled. It is very insecure to open PDFs automatically, download them, etc. It is always better to save them directly, since only then do you have control over what is going on on the PC.
JavaScript: untick "Enable JavaScript".
Updater: choose "Automatically install updates".
Apply / OK.
Uninstall: AudibleManager, Free FLV, Java.
Download the Java JRE: Java-Downloads für alle Betriebssysteme, click "Download the Java software for Windows Offline", download and install it.
Uninstall: Radmin Viewer, Skype Toolbars, Windows Live: everything you don't need.
Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
04.02.2013, 23:16 | #12 |
| Code:
# AdwCleaner v2.110 - File created on 04/02/2013 at 23:14:07
# Updated on 03/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : marijke - MARIJKE-PC
# Boot mode : Normal
# Running from : C:\Users\marijke\Downloads\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] The registry is clean.

-\\ Mozilla Firefox v18.0.1 (de)

File : C:\Users\marijke\AppData\Roaming\Mozilla\Firefox\Profiles\g5vsxj7g.default\prefs.js

Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,groovesharkUnlocker%40over[...]

-\\ Google Chrome v [Version could not be determined]

File : C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [1000 octets] - [04/02/2013 23:14:07]

########## EOF - C:\AdwCleaner[R1].txt - [1060 octets] ########## |
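AdwCleaner's only finding above is the Firefox pref `extensions.enabledAddons`, which Firefox builds of that era (18.0.1 here) use to record the enabled add-ons as a comma-separated list of percent-encoded `id:version` pairs. The script below is an added example, not code from the original post or from AdwCleaner: it parses `user_pref(...)` lines out of a `prefs.js`, decodes that list into `(id, version)` pairs and reports the IDs that are not on an allow-list, which is what to look up before deciding whether to remove them. The `prefs.js` content and the allow-list are constructed for the example; the DivX ID is the one visible in the log, the GUID is Firefox's built-in default theme, and the second ID is invented (the truncated ID in the log is deliberately not reproduced).

```python
"""Read which add-ons a Firefox profile has enabled, straight from prefs.js.

Added example for this thread; not code from the original post or from
AdwCleaner. The prefs.js content and the allow-list below are constructed
for the example so it runs offline.
"""
import re
from urllib.parse import unquote

# user_pref("key", value);  -- value is a quoted string, true/false or an integer
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')

# Constructed sample (not the profile from the thread). The third entry is
# Firefox's built-in default theme, which also shows up in this pref.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1359928000);
user_pref("browser.startup.homepage_override.mstone", "18.0.1");
user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,someToolbar%40example.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1");
user_pref("javascript.enabled", true);
'''

# Constructed allow-list of add-on IDs the owner recognises.
KNOWN_ADDON_IDS = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",  # Firefox default theme
    "DivXWebPlayer@divx.com",
}


def parse_prefs(text: str) -> dict:
    """Parse user_pref lines into a dict; comments and other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[key] = value
    return prefs


def enabled_addons(prefs: dict) -> list:
    """Decode extensions.enabledAddons into (id, version) pairs."""
    raw = prefs.get("extensions.enabledAddons", "")
    addons = []
    for item in filter(None, raw.split(",")):
        decoded = unquote(item)          # %40 -> @, %7B -> {, %7D -> }
        ident, sep, version = decoded.rpartition(":")
        if not sep:                      # no version recorded for this entry
            ident, version = decoded, ""
        addons.append((ident, version))
    return addons


def unknown_addons(addons: list, known: set) -> list:
    """IDs that are enabled but not on the allow-list: these are the ones to look up."""
    return [ident for ident, _ in addons if ident not in known]


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    addons = enabled_addons(prefs)
    for ident, version in addons:
        mark = "known" if ident in KNOWN_ADDON_IDS else "CHECK"
        print(f"{mark:6} {ident} {version}")
```

Point it at a real profile with `parse_prefs(open(path, encoding="utf-8").read())` while Firefox is closed, since Firefox rewrites `prefs.js` on exit. Deleting the pref, as AdwCleaner does further down in the thread, only clears the cached list; the add-on files themselves live in the profile's `extensions` folder and are what the IDs should be checked against.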
05.02.2013, 14:44 | #13 |
/// Malware-holic | Please download AdwCleaner to your desktop.
Restart, then test how the PC and programs such as the browser run.
06.02.2013, 01:31 | #14 |
| Code:
# AdwCleaner v2.111 - File created on 06/02/2013 at 01:27:52
# Updated on 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : marijke - MARIJKE-PC
# Boot mode : Normal
# Running from : C:\Users\marijke\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] The registry is clean.

-\\ Mozilla Firefox v18.0.1 (de)

File : C:\Users\marijke\AppData\Roaming\Mozilla\Firefox\Profiles\g5vsxj7g.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,groovesharkUnlocker%40over[...]

-\\ Google Chrome v [Version could not be determined]

File : C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [1129 octets] - [04/02/2013 23:14:07]
AdwCleaner[S1].txt - [1062 octets] - [06/02/2013 01:27:52]

########## EOF - C:\AdwCleaner[S1].txt - [1122 octets] ########## |
06.02.2013, 12:05 | #15 |
/// Malware-holic | Please test how the PC and programs such as the browser run.