Log analysis and evaluation: T-mobile MMS {SYMBOL}_foto.zip "HIDDENEXT/Worm.Gen" Avira archive opened... Windows 7

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.02.2013, 17:59 | #1
T-mobile MMS {SYMBOL}_foto.zip "HIDDENEXT/Worm.Gen" Avira archive opened...

Hello helpers,

the PC is used for business (by my wife, a one-person media design company); of course I will thank you with a donation. I am not the user of this machine, and I won't be sitting in front of it again until the weekend.

The following e-mail was opened and afterwards permanently deleted. Since I have a catch-all account for the domain concerned, I received 4 of these e-mails (1&1 webmailer) and have not deleted them yet; (unlikely, but) my wife may possibly have received a different e-mail.

Sender name: T-mobile
E-mail: online@t-mobile.de
Subject: MMS Nachricht
Content: mobile phone number (different in each mail)
Attachments: Part_1.2.html (content: T-mobile logo + mobile number), {SYBOL}_foto.zip (was opened)

My wife received this e-mail twice on 11.02.2013, one at about 11:00 and the second at about 17:00.
OS: Win7 Prof 64bit, mail client: Outlook 2010, antivirus: Avira Free AV.

With one of these mails the zip file was opened, and the well-known (Windows) warning was ignored. After that, however, (apparently) nothing happened. Avira detected nothing (on-access that day, and full system scans on about 13.02. and 16.02.).

Symptoms:
- IMHO the PC quite often only opened web pages on the second attempt.
- Once it hung on logoff with a black screen, and according to the switch there was data traffic; only the NAS, the Fritzbox and this PC were connected.

Unfortunately I am not at home during the week, but I may be able to reach the machine via remote access (I used to work in IT..).

I generated the logs as a different user than my wife (as the main user); where required, I started the program with admin rights. GMER crashed once; I started it again after a reboot (without defogger and OTL).

Here are the obligatory logs:

OTL Code:
OTL logfile created on: 17.02.2013 17:13:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omm\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,71% Memory free
15,88 Gb Paging File | 14,65 Gb Available in Paging File | 92,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 62,03 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 140,35 Gb Free Space | 30,13% Space Free | Partition Type: NTFS

Computer Name: CELSIUS2 | User Name: UserName | Logged in as UserNamenistrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.17 17:07:52 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
PRC - [2013.02.17 17:07:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Omm\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.08.10 14:20:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.17 17:07:52 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012.03.09 19:28:36 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.17 17:08:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 13:24:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.21 20:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 20:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.09 20:49:54 | 010,497,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.09 18:51:12 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.07 12:12:06 | 001,581,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.11 11:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.25 11:41:48 | 000,022,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rstfltr.sys -- (rstfltr)
DRV:64bit: - [2011.03.25 11:41:44 | 000,607,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rstescu1.sys -- (rstescu1)
DRV:64bit: - [2011.03.25 11:41:42 | 000,607,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rstescu.sys -- (rstescu)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 13:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 13:24:28 | 000,000,000 | ---D | M]

(No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 13:24:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD33A7C-78D8-4340-B85B-B3B54DA4860B}: NameServer = 192.168.13.200
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.13 13:39:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.10 20:27:56 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.02.10 20:27:56 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.02.10 20:27:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.02.10 20:27:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.02.10 20:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.02.10 20:18:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.02.10 20:18:20 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2013.02.10 20:18:20 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2013.02.10 20:18:20 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2013.02.10 20:18:20 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2013.02.10 20:18:20 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2013.02.10 20:18:20 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2013.02.10 20:18:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2013.02.10 20:18:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2013.02.10 20:18:20 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2013.02.10 20:18:20 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2013.02.10 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER
[2013.02.10 20:18:19 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2013.02.10 16:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.02.09 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Secunia PSI
[2013.02.06 13:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.20 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Adobe
[2013.01.20 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Adobe
[2013.01.20 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Google
[2013.01.19 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\ElevatedDiagnostics
[2013.01.19 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\UserName\Documents\Meine Paletten
[2013.01.19 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\UserName\Documents\Corel
[2013.01.19 18:35:55 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Corel
[2013.01.19 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Avira
[2013.01.19 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Logitech® Webcam-Software
[2013.01.19 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.19 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UserNamenistrative Tools
[2013.01.19 18:02:49 | 000,000,000 | R--D | C] -- C:\Users\UserName\Virtual Machines
[2013.01.19 18:02:49 | 000,000,000 | R--D | C] -- C:\Users\UserName\Searches
[2013.01.19 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Identities
[2013.01.19 18:02:43 | 000,000,000 | R--D | C] -- C:\Users\UserName\Contacts
[2013.01.19 18:02:42 | 000,000,000 | --SD | C] -- C:\Users\UserName\AppData\Roaming\Microsoft
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Videos
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Saved Games
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Pictures
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Music
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Links
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Favorites
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Downloads
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Documents
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Desktop
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Vorlagen
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Verlauf
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Temporary Internet Files
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Startmenü
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\SendTo
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Recent
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Netzwerkumgebung
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Lokale Einstellungen
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Videos
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Musik
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Eigene Dateien
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Bilder
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Druckumgebung
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Cookies
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Anwendungsdaten
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Anwendungsdaten
[2013.01.19 18:02:42 | 000,000,000 | -H-D | C] -- C:\Users\UserName\AppData
[2013.01.19 18:02:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Temp
[2013.01.19 18:02:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Microsoft
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.17 17:11:32 | 000,000,000 | ---- | M] () -- C:\Users\UserName\defogger_reenable
[2013.02.17 17:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 17:07:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.17 17:07:33 | 000,655,842 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.17 17:07:33 | 000,616,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.17 17:07:33 | 000,130,474 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.17 17:07:33 | 000,106,768 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.17 17:07:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 17:07:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 17:02:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.17 17:01:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.17 16:47:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 14:39:07 | 001,324,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 10:43:08 | 000,002,258 | ---- | M] () -- C:\Users\UserName\Desktop\Google Chrome.lnk
[2013.01.19 11:57:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.17 17:11:32 | 000,000,000 | ---- | C] () -- C:\Users\UserName\defogger_reenable
[2013.02.10 20:27:56 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.02.10 20:18:20 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2013.02.10 20:18:20 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2013.02.10 20:18:20 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2013.02.10 20:18:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.02.10 20:18:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2013.02.10 20:18:20 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2013.02.10 20:18:20 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2013.02.10 20:18:20 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2013.02.10 20:18:19 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2013.02.10 20:18:19 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2013.02.10 20:18:19 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2013.01.19 18:02:51 | 000,001,408 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.19 18:02:50 | 000,002,258 | ---- | C] () -- C:\Users\UserName\Desktop\Google Chrome.lnk
[2013.01.19 18:02:50 | 000,001,442 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.19 18:02:49 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.19 11:57:45 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.09.21 20:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.09.21 20:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.08.26 14:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\NICSettingTool.INI
[2012.06.12 21:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 19:13:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 19:13:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-17 20:32:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.2.22 111,79GB Running: GMER_2.1.18952.exe; Driver: C:\Users\Admi\AppData\Local\Temp\pfryqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77] .text ... * 2 ---- Files - GMER 2.1 ---- File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes ---- EOF - GMER 2.1 ---- Code:
ATTFilter OTL Extras logfile created on: 17.02.2013 17:13:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omm\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,94 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,71% Memory free 15,88 Gb Paging File | 14,65 Gb Available in Paging File | 92,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 62,03 Gb Free Space | 55,49% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 140,35 Gb Free Space | 30,13% Space Free | Partition Type: NTFS Computer Name: CompName | User Name: Admi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E89DF7-4FC3-466F-923F-55CF1119E8FD}" = rport=139 | protocol=6 | dir=out | app=system | "{091D8D11-C71A-44D9-AB23-A7C892EE4521}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1420C6BF-D480-42F0-8446-0561DCCA1A8F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{182F75B6-3298-4AAA-A7E3-016C448921B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1868C946-96FB-48D7-928E-6C2214BF671B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2188D26D-3290-4E40-A74A-7775C6C56A3B}" = lport=139 | protocol=6 | dir=in | app=system | "{2A482A25-C2D0-44FC-9E02-3D17F7F2DA51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60D64B66-C8A5-4705-BBFC-96F7D14FE93E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{64E426C4-8808-495B-BD73-0FEA91AAE7B8}" = rport=445 | protocol=6 | dir=out | app=system | "{76F14545-7F35-4EDD-8F88-808AD66CB5C0}" = lport=445 | protocol=6 | dir=in | app=system | "{7DAB09A7-A030-4EA3-89AE-E2FB1C00AA75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{803F2DB1-15DA-4DFE-A4C4-453FE9CFC63E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83BE23F8-58B0-4B61-9B88-D12D930FD3EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8497B64C-806D-4F5E-83F1-177401F48AF2}" = lport=138 | 
protocol=17 | dir=in | app=system | "{86298068-8506-43C0-B643-BEDC4879FD29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98E5DB94-A7AC-4E7B-B25A-24B27C548965}" = lport=137 | protocol=17 | dir=in | app=system | "{9B548299-B656-459B-B872-ED9DE46DEBA3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{9CD4CE07-0C41-48F0-8A34-B8E77B4C1104}" = rport=138 | protocol=17 | dir=out | app=system | "{9FE39EE6-628E-423B-98FF-0B9B7421CCEC}" = rport=137 | protocol=17 | dir=out | app=system | "{A7EFDCD8-0729-43E7-921F-AD2791E53F2F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CC881415-43DB-478C-B232-691A57C877D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E53F8970-6914-4CBC-87E6-BF77953E8EF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F211635C-6BF7-4D66-A536-F462B06284B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08642443-D386-4BC4-AEA2-D908ADEB28C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{13717A28-3B4F-4D8E-81AC-854A83901D7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1B4928C3-7D4C-4179-AA2F-2C50D8E7EF01}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{241987C2-3A5B-4A23-A16B-381B36F56720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{270C636E-EF77-4362-913C-CBF374E83829}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{55EFFA51-1C0B-451F-91A2-02A8A7F4469F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A18504C3-1736-46F0-838D-71DCE1243610}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FAD8BE26-5144-4B00-A3A1-CD5D3AA7A9B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{23FEB3C1-5AA7-4A43-BA58-76C67C0A5B64}C:\oki\nicsetup\nicsettingtool.exe" = protocol=6 | dir=in | app=c:\oki\nicsetup\nicsettingtool.exe | "TCP Query User{7B6A5E97-C966-4AED-BCFA-E8423F7C2D57}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe | "UDP Query User{6EFBAB2A-9358-44A8-A7BC-EA0E1DB3042F}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe | "UDP Query User{8E08B520-59A4-4962-AF2C-A3E8CC5FC40F}C:\oki\nicsetup\nicsettingtool.exe" = protocol=17 | dir=in | app=c:\oki\nicsetup\nicsettingtool.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3394D0CA-2E9E-1EF8-D06B-F22EC05866E2}" = AMD AVIVO64 Codecs "{4852330E-C44C-10B1-A6DC-0378C5B748DF}" = AMD Catalyst Install Manager "{563CB99D-0545-12B6-DF1D-AF05179EF025}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" 
= Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{A0EFF1A6-52F5-5F2B-DCCC-7DBBCB4FAC03}" = AMD Drag and Drop Transcoding "{A4F9CCCB-5FD0-4E0F-8587-6930142CD762}" = Intel Processor Diagnostic Tool 64Bit "{BE9F86FE-5639-5287-70B7-B417BA24C90F}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 "{03D4321D-593F-28FB-C420-36FD1EA58EBC}" = Catalyst Control Center Profiles Desktop "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1748865D-3D0A-08E4-238A-1132696C1263}" = CCC Help Thai "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1B770788-2E01-102B-72D2-DA900FAE4692}" = CCC Help Russian "{1C37C0A8-F4C7-F7C3-0413-9E47FC5BE053}" = HydraVision "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2E51CE67-9BE2-D6B5-6E9E-E45E890A45AE}" = CCC Help Greek "{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data "{3434A2E3-32A2-414D-9D3C-CFAE5845686A}" = CCC Help Danish "{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist "{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT "{3C2F0EFA-FBA8-5CC5-FD40-55F3358719D7}" = CCC Help French "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{41A6D096-4FD7-6C5C-6E54-DEE1B5267985}" = CCC Help Czech 
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect "{471F9128-EEB5-D4AD-8D3D-55E14795097C}" = CCC Help Swedish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E28A3AA-63A6-46ED-8934-9466FEBC4F09}" = CCC Help Korean "{5321A0B7-4D4C-C0CF-32D2-C890A1992148}" = CCC Help Dutch "{56A91A07-803C-E9D7-FA2C-30779D648758}" = CCC Help Hungarian "{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "{5A185831-73F9-E474-5286-143CFE87EB55}" = Catalyst Control Center InstallProxy "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE48541-4F49-4608-520E-C4E39BEAA712}" = CCC Help Portuguese "{6126E562-21D2-4329-ABF9-E8ED8D391BA3}" = Catalyst Control Center Localization All "{63731D90-E544-5DFB-57A8-9D3F0E0B6EDE}" = CCC Help Chinese Standard "{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM "{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EA6C26A-6F56-4BFA-BD2F-340E2FD0EB22}" = Catalyst Control Center Graphics Previews Common "{81232F64-4A33-6E5C-B94A-4066C62CD8EB}" = CCC Help Italian "{827EC93F-9173-5649-24CA-78AD1F4D52D1}" = CCC Help Turkish "{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5 "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT "{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A91C9AAB-1DE1-2D61-18CA-B348BE566EA5}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5 "{AB64524C-D708-DD51-2766-1E22EA399523}" = CCC Help English "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{C67A9D78-3095-4E1D-9DBC-9B3D83F32772}" = Catalyst Control Center - Branding "{CF165254-74B0-9ECE-1317-8BE1EDFC1F10}" = Catalyst Control Center "{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D44E955A-D43F-FFA2-5C5F-6936038CBB03}" = CCC Help Finnish "{D484D035-015C-9663-ECC3-0A8481CA8C96}" = CCC Help Norwegian "{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR "{DF6EB7A5-1417-FA03-DC54-3097B9558C3A}" = CCC Help Japanese "{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters "{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EBEA3D43-B49C-F613-C3F4-EBD47B18F365}" = CCC Help Chinese Traditional "{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F793CDB6-86E1-BC06-CB57-0DE678F56D4E}" = CCC Help German "{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN "{FAF72E36-0934-6B4D-473A-74DC2EF97409}" = CCC Help Polish "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Digital Photo Professional" = Canon Utilities Digital 
Photo Professional 3.11 "DivX Setup" = DivX-Setup "EPSON Scanner" = EPSON Scan "Google Chrome" = Google Chrome "IrfanView" = IrfanView (remove only) "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAS Starter Utility" = NAS Starter Utility "Notepad++" = Notepad++ "Secunia PSI" = Secunia PSI (3.0.0.4001) "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.02.2013 13:08:44 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 10.02.2013 06:45:04 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 10.02.2013 11:01:39 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 11.02.2013 06:39:17 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 12.02.2013 06:31:52 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 13.02.2013 06:18:57 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 13.02.2013 09:41:01 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 15.02.2013 04:08:35 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 15.02.2013 12:23:23 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 17.02.2013 06:27:21 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = Error - 17.02.2013 12:03:28 | Computer Name = CompName | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 02.10.2012 14:50:47 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = Error - 03.10.2012 07:45:24 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = Error - 04.10.2012 09:17:22 | Computer Name = CompName | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. 
Error - 08.11.2012 06:17:47 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = Error - 09.11.2012 12:48:19 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = Error - 17.11.2012 06:21:45 | Computer Name = CompName | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden. Error - 17.11.2012 06:22:13 | Computer Name = CompName | Source = Ntfs | ID = 262281 Description = Auf dem Volume "F:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 17.11.2012 07:47:50 | Computer Name = CompName | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR10 gefunden. Error - 24.11.2012 07:34:55 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = Error - 26.11.2012 12:41:46 | Computer Name = CompName | Source = DCOM | ID = 10010 Description = < End of report >
All of it T-Mobile + MMS + ZIP (gamarue 1 & 2 & 'TR/Winlock.JX'). In the meantime Avira detects it as 'WORM/Gamarue.EB.1' or 'WORM/Gamarue.EB.2'. I know, the investment after next will be Avira Prof.; first of all I will thank you (once online banking is possible again...).
18.02.2013, 18:46 | #2 |
/// Malware-holic
Hi
If you receive spam in the future, please forward it to the address given in my signature! Please post all Avira detection reports for me: http://www.trojaner-board.de/125889-...en-posten.html Please download TDSSKiller.exe and save this file on the desktop
__________________ |
24.02.2013, 18:26 | #3 |
Hello
Note: the GMER and OTL logs should be better than the last ones, since I am not logged in "as the problematic user". I also ran Malwarebytes over it; it only found NAS* files, and these are virus free (control of the NAS by click via telnet..). The TDSS log is at the end.

GMER log
Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 16:23:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.2.22 111,79GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\Admi\AppData\Local\Temp\pfryqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f21465 2 bytes [F2, 75]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f214bb 2 bytes [F2, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f21465 2 bytes [F2, 75]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f214bb 2 bytes [F2, 75]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f21465 2 bytes [F2, 75]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f214bb 2 bytes [F2, 75]
.text ... * 2
.text C:\Users\Omm\Desktop\Defogger.exe[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f21465 2 bytes [F2, 75]
.text C:\Users\Omm\Desktop\Defogger.exe[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f214bb 2 bytes [F2, 75]
.text ... * 2

---- Files - GMER 2.1 ----

File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_A6027413E2806442641FCE33B22DB12C 1975 bytes
File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_D07FCA869949021C5D93F5A5886DC0E0 1975 bytes
File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_341DF49E12ABCCEC481FF9A8AC673987 1847 bytes
File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 1891 bytes
File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC 1582 bytes
File C:\Users\Admi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE 1582 bytes

---- EOF - GMER 2.1 ----

Code:
OTL Extras logfile created on: 24.02.2013 16:04:12 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omm\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,78% Memory free
15,88 Gb Paging File | 14,16 Gb Available in Paging File | 89,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 62,09 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 140,31 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive E: | 7,46 Gb Total Space | 7,29 Gb Free Space | 97,66% Space Free | Partition Type: FAT32

Computer Name: CELSIUS2 | User Name: Admi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.02.2013 04:51:48 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 20.02.2013 06:51:37 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 20.02.2013 14:51:10 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 20.02.2013 17:49:09 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2013 06:08:57 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2013 12:42:05 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 22.02.2013 05:18:15 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 23.02.2013 06:34:26 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 23.02.2013 12:26:21 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 23.02.2013 12:30:44 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

Error - 24.02.2013 08:14:42 | Computer Name = Celsius2 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 02.10.2012 14:50:47 | Computer Name = Celsius2 | Source = DCOM | ID = 10010
Description =

Error - 03.10.2012 07:45:24 | Computer Name = Celsius2 | Source = DCOM | ID = 10010
Description =

Error - 04.10.2012 09:17:22 | Computer Name = Celsius2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 08.11.2012 06:17:47 | Computer Name = Celsius2 | Source = DCOM | ID = 10010
Description =

Error - 09.11.2012 12:48:19 | Computer Name = Celsius2 | Source = DCOM | ID = 10010
Description =

Error - 17.11.2012 06:21:45 | Computer Name = Celsius2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
Error - 17.11.2012 06:22:13 | Computer Name = Celsius2 | Source = Ntfs | ID = 262281 Description = Auf dem Volume "F:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 17.11.2012 07:47:50 | Computer Name = Celsius2 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR10 gefunden. Error - 24.11.2012 07:34:55 | Computer Name = Celsius2 | Source = DCOM | ID = 10010 Description = Error - 26.11.2012 12:41:46 | Computer Name = Celsius2 | Source = DCOM | ID = 10010 Description = < End of report > TDSS Log: Code:
19:24:36.0934 2272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:24:36.0934 2272 ============================================================
19:24:36.0934 2272 Current date / time: 2013/02/23 19:24:36.0934
19:24:36.0934 2272 SystemInfo:
19:24:36.0934 2272
19:24:36.0934 2272 OS Version: 6.1.7601 ServicePack: 1.0
19:24:36.0934 2272 Product type: Workstation
19:24:36.0934 2272 ComputerName: CELSIUS2
19:24:36.0934 2272 UserName: Admi
19:24:36.0934 2272 Windows directory: C:\Windows
19:24:36.0934 2272 System windows directory: C:\Windows
19:24:36.0934 2272 Running under WOW64
19:24:36.0934 2272 Processor architecture: Intel x64
19:24:36.0934 2272 Number of processors: 8
19:24:36.0934 2272 Page size: 0x1000
19:24:36.0934 2272 Boot type: Normal boot
19:24:36.0934 2272 ============================================================
19:24:37.0105 2272 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:37.0105 2272 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:37.0121 2272 Drive \Device\Harddisk6\DR6 - Size: 0x1DF2DFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:24:37.0121 2272 ============================================================
19:24:37.0121 2272 \Device\Harddisk0\DR0:
19:24:37.0121 2272 MBR partitions:
19:24:37.0121 2272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
19:24:37.0121 2272 \Device\Harddisk1\DR1:
19:24:37.0121 2272 MBR partitions:
19:24:37.0121 2272 \Device\Harddisk6\DR6:
19:24:37.0121 2272 MBR partitions:
19:24:37.0121 2272 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:24:48.0852 2720 nsi - ok 19:24:48.0852 2720 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:24:48.0883 2720 nsiproxy - ok 19:24:48.0899 2720 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:24:48.0930 2720 Ntfs - ok 19:24:48.0930 2720 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:24:48.0946 2720 Null - ok 19:24:48.0946 2720 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:24:48.0961 2720 nvraid - ok 19:24:48.0961 2720 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:24:48.0977 2720 nvstor - ok 19:24:48.0977 2720 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:24:48.0992 2720 nv_agp - ok 19:24:48.0992 2720 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:24:49.0008 2720 ohci1394 - ok 19:24:49.0008 2720 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:24:49.0024 2720 ose64 - ok 19:24:49.0055 2720 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:24:49.0117 2720 osppsvc - ok 19:24:49.0117 2720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:24:49.0133 2720 p2pimsvc - ok 19:24:49.0133 2720 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:24:49.0148 2720 p2psvc - ok 19:24:49.0148 2720 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 19:24:49.0164 2720 Parport - ok 19:24:49.0164 2720 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:24:49.0180 2720 partmgr - ok 19:24:49.0180 2720 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 
19:24:49.0195 2720 PcaSvc - ok 19:24:49.0195 2720 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:24:49.0195 2720 pci - ok 19:24:49.0211 2720 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:24:49.0211 2720 pciide - ok 19:24:49.0211 2720 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:24:49.0226 2720 pcmcia - ok 19:24:49.0226 2720 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:24:49.0242 2720 pcw - ok 19:24:49.0242 2720 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:24:49.0273 2720 PEAUTH - ok 19:24:49.0289 2720 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:24:49.0304 2720 PeerDistSvc - ok 19:24:49.0320 2720 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:24:49.0336 2720 PerfHost - ok 19:24:49.0351 2720 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:24:49.0382 2720 pla - ok 19:24:49.0398 2720 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:24:49.0398 2720 PlugPlay - ok 19:24:49.0398 2720 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:24:49.0414 2720 PNRPAutoReg - ok 19:24:49.0414 2720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:24:49.0429 2720 PNRPsvc - ok 19:24:49.0429 2720 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:24:49.0460 2720 PolicyAgent - ok 19:24:49.0460 2720 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:24:49.0492 2720 Power - ok 19:24:49.0492 2720 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:24:49.0507 2720 PptpMiniport - ok 19:24:49.0523 2720 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:24:49.0523 2720 
Processor - ok 19:24:49.0523 2720 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:24:49.0538 2720 ProfSvc - ok 19:24:49.0538 2720 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:24:49.0554 2720 ProtectedStorage - ok 19:24:49.0554 2720 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:24:49.0570 2720 Psched - ok 19:24:49.0570 2720 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 19:24:49.0585 2720 PSI - ok 19:24:49.0585 2720 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 19:24:49.0585 2720 PSI_SVC_2 - ok 19:24:49.0601 2720 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:24:49.0632 2720 ql2300 - ok 19:24:49.0632 2720 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:24:49.0648 2720 ql40xx - ok 19:24:49.0648 2720 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:24:49.0663 2720 QWAVE - ok 19:24:49.0663 2720 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:24:49.0679 2720 QWAVEdrv - ok 19:24:49.0679 2720 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:24:49.0694 2720 RasAcd - ok 19:24:49.0694 2720 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:24:49.0726 2720 RasAgileVpn - ok 19:24:49.0726 2720 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:24:49.0757 2720 RasAuto - ok 19:24:49.0757 2720 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:24:49.0772 2720 Rasl2tp - ok 19:24:49.0788 2720 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:24:49.0804 2720 RasMan - ok 19:24:49.0819 2720 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 19:24:49.0835 2720 RasPppoe - ok 19:24:49.0835 2720 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:24:49.0866 2720 RasSstp - ok 19:24:49.0866 2720 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:24:49.0897 2720 rdbss - ok 19:24:49.0897 2720 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:24:49.0897 2720 rdpbus - ok 19:24:49.0913 2720 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:24:49.0928 2720 RDPCDD - ok 19:24:49.0928 2720 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:24:49.0944 2720 RDPDR - ok 19:24:49.0944 2720 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:24:49.0960 2720 RDPENCDD - ok 19:24:49.0975 2720 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:24:49.0991 2720 RDPREFMP - ok 19:24:49.0991 2720 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:24:50.0006 2720 RdpVideoMiniport - ok 19:24:50.0006 2720 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:24:50.0022 2720 RDPWD - ok 19:24:50.0022 2720 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:24:50.0038 2720 rdyboost - ok 19:24:50.0038 2720 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:24:50.0053 2720 RemoteAccess - ok 19:24:50.0069 2720 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:24:50.0084 2720 RemoteRegistry - ok 19:24:50.0084 2720 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:24:50.0116 2720 RpcEptMapper - ok 19:24:50.0116 2720 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:24:50.0116 2720 RpcLocator - ok 
19:24:50.0131 2720 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:24:50.0147 2720 RpcSs - ok 19:24:50.0147 2720 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:24:50.0178 2720 rspndr - ok 19:24:50.0178 2720 [ E5D8AFC13A276114660CB4ADB3E2D6A3 ] rstescu C:\Windows\system32\drivers\rstescu.sys 19:24:50.0194 2720 rstescu - ok 19:24:50.0194 2720 [ 828572882DBD58D35417DAEED07BC8B6 ] rstescu1 C:\Windows\system32\drivers\rstescu1.sys 19:24:50.0209 2720 rstescu1 - ok 19:24:50.0225 2720 [ 397CFFCD9C8B9978B38163D727C78AA1 ] rstfltr C:\Windows\system32\drivers\rstfltr.sys 19:24:50.0225 2720 rstfltr - ok 19:24:50.0225 2720 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:24:50.0240 2720 s3cap - ok 19:24:50.0240 2720 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:24:50.0240 2720 SamSs - ok 19:24:50.0240 2720 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 19:24:50.0256 2720 sbp2port - ok 19:24:50.0256 2720 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:24:50.0287 2720 SCardSvr - ok 19:24:50.0287 2720 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:24:50.0303 2720 scfilter - ok 19:24:50.0318 2720 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:24:50.0350 2720 Schedule - ok 19:24:50.0350 2720 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:24:50.0365 2720 SCPolicySvc - ok 19:24:50.0365 2720 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:24:50.0381 2720 SDRSVC - ok 19:24:50.0381 2720 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:24:50.0412 2720 secdrv - ok 19:24:50.0412 2720 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:24:50.0428 2720 seclogon - ok 19:24:50.0443 
2720 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 19:24:50.0459 2720 Secunia PSI Agent - ok 19:24:50.0474 2720 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 19:24:50.0474 2720 Secunia Update Agent - ok 19:24:50.0490 2720 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:24:50.0506 2720 SENS - ok 19:24:50.0506 2720 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:24:50.0521 2720 SensrSvc - ok 19:24:50.0521 2720 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:24:50.0537 2720 Serenum - ok 19:24:50.0537 2720 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:24:50.0537 2720 Serial - ok 19:24:50.0537 2720 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:24:50.0552 2720 sermouse - ok 19:24:50.0552 2720 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:24:50.0584 2720 SessionEnv - ok 19:24:50.0584 2720 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:24:50.0599 2720 sffdisk - ok 19:24:50.0599 2720 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:24:50.0599 2720 sffp_mmc - ok 19:24:50.0615 2720 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:24:50.0615 2720 sffp_sd - ok 19:24:50.0615 2720 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:24:50.0630 2720 sfloppy - ok 19:24:50.0630 2720 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:24:50.0662 2720 SharedAccess - ok 19:24:50.0662 2720 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:24:50.0693 2720 ShellHWDetection - ok 19:24:50.0693 2720 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 
C:\Windows\system32\drivers\SiSRaid2.sys 19:24:50.0708 2720 SiSRaid2 - ok 19:24:50.0708 2720 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:24:50.0708 2720 SiSRaid4 - ok 19:24:50.0724 2720 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:24:50.0724 2720 SkypeUpdate - ok 19:24:50.0724 2720 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:24:50.0755 2720 Smb - ok 19:24:50.0755 2720 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:24:50.0755 2720 SNMPTRAP - ok 19:24:50.0833 2720 [ 37D91C6385BB1104D67925FC43800ED0 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys 19:24:50.0927 2720 SNPSTD3 - ok 19:24:50.0927 2720 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:24:50.0942 2720 spldr - ok 19:24:50.0942 2720 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:24:50.0974 2720 Spooler - ok 19:24:50.0989 2720 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:24:51.0036 2720 sppsvc - ok 19:24:51.0036 2720 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:24:51.0067 2720 sppuinotify - ok 19:24:51.0067 2720 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:24:51.0083 2720 srv - ok 19:24:51.0098 2720 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:24:51.0098 2720 srv2 - ok 19:24:51.0114 2720 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:24:51.0114 2720 srvnet - ok 19:24:51.0130 2720 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:24:51.0145 2720 SSDPSRV - ok 19:24:51.0145 2720 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:24:51.0176 2720 SstpSvc - ok 19:24:51.0176 2720 [ F3817967ED533D08327DC73BC4D5542A ] stexstor 
C:\Windows\system32\drivers\stexstor.sys 19:24:51.0176 2720 stexstor - ok 19:24:51.0192 2720 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:24:51.0208 2720 stisvc - ok 19:24:51.0208 2720 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:24:51.0223 2720 storflt - ok 19:24:51.0223 2720 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 19:24:51.0223 2720 StorSvc - ok 19:24:51.0223 2720 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:24:51.0239 2720 storvsc - ok 19:24:51.0239 2720 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:24:51.0254 2720 swenum - ok 19:24:51.0254 2720 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:24:51.0286 2720 swprv - ok 19:24:51.0301 2720 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:24:51.0332 2720 SysMain - ok 19:24:51.0332 2720 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:24:51.0348 2720 TabletInputService - ok 19:24:51.0348 2720 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:24:51.0379 2720 TapiSrv - ok 19:24:51.0379 2720 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:24:51.0395 2720 TBS - ok 19:24:51.0410 2720 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:24:51.0442 2720 Tcpip - ok 19:24:51.0457 2720 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:24:51.0488 2720 TCPIP6 - ok 19:24:51.0488 2720 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:24:51.0488 2720 tcpipreg - ok 19:24:51.0504 2720 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:24:51.0504 2720 TDPIPE - ok 19:24:51.0504 2720 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP 
C:\Windows\system32\drivers\tdtcp.sys 19:24:51.0520 2720 TDTCP - ok 19:24:51.0520 2720 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:24:51.0551 2720 tdx - ok 19:24:51.0551 2720 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:24:51.0551 2720 TermDD - ok 19:24:51.0566 2720 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:24:51.0598 2720 TermService - ok 19:24:51.0598 2720 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:24:51.0613 2720 Themes - ok 19:24:51.0613 2720 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:24:51.0629 2720 THREADORDER - ok 19:24:51.0629 2720 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:24:51.0660 2720 TrkWks - ok 19:24:51.0660 2720 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:24:51.0676 2720 TrustedInstaller - ok 19:24:51.0676 2720 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:24:51.0707 2720 tssecsrv - ok 19:24:51.0707 2720 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:24:51.0722 2720 TsUsbFlt - ok 19:24:51.0722 2720 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:24:51.0722 2720 TsUsbGD - ok 19:24:51.0738 2720 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:24:51.0754 2720 tunnel - ok 19:24:51.0754 2720 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:24:51.0769 2720 uagp35 - ok 19:24:51.0769 2720 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:24:51.0800 2720 udfs - ok 19:24:51.0800 2720 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:24:51.0816 2720 UI0Detect - ok 19:24:51.0816 2720 [ 
4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:24:51.0816 2720 uliagpkx - ok 19:24:51.0832 2720 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:24:51.0832 2720 umbus - ok 19:24:51.0832 2720 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:24:51.0847 2720 UmPass - ok 19:24:51.0847 2720 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:24:51.0863 2720 UmRdpService - ok 19:24:51.0863 2720 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:24:51.0894 2720 upnphost - ok 19:24:51.0894 2720 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:24:51.0910 2720 usbaudio - ok 19:24:51.0910 2720 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:24:51.0925 2720 usbccgp - ok 19:24:51.0925 2720 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:24:51.0941 2720 usbcir - ok 19:24:51.0941 2720 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:24:51.0956 2720 usbehci - ok 19:24:51.0956 2720 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:24:51.0972 2720 usbhub - ok 19:24:51.0972 2720 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:24:51.0972 2720 usbohci - ok 19:24:51.0988 2720 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:24:51.0988 2720 usbprint - ok 19:24:51.0988 2720 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:24:52.0003 2720 usbscan - ok 19:24:52.0003 2720 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:24:52.0019 2720 USBSTOR - ok 19:24:52.0019 2720 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:24:52.0034 2720 
usbuhci - ok 19:24:52.0034 2720 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:24:52.0050 2720 usbvideo - ok 19:24:52.0050 2720 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:24:52.0066 2720 UxSms - ok 19:24:52.0081 2720 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:24:52.0081 2720 VaultSvc - ok 19:24:52.0081 2720 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:24:52.0097 2720 vdrvroot - ok 19:24:52.0097 2720 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:24:52.0128 2720 vds - ok 19:24:52.0128 2720 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:24:52.0144 2720 vga - ok 19:24:52.0144 2720 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:24:52.0159 2720 VgaSave - ok 19:24:52.0159 2720 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:24:52.0175 2720 vhdmp - ok 19:24:52.0175 2720 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:24:52.0190 2720 viaide - ok 19:24:52.0190 2720 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:24:52.0206 2720 vmbus - ok 19:24:52.0206 2720 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:24:52.0206 2720 VMBusHID - ok 19:24:52.0222 2720 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:24:52.0222 2720 volmgr - ok 19:24:52.0222 2720 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:24:52.0237 2720 volmgrx - ok 19:24:52.0253 2720 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:24:52.0253 2720 volsnap - ok 19:24:52.0268 2720 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 19:24:52.0268 2720 vpcbus - ok 
19:24:52.0268 2720 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 19:24:52.0284 2720 vpcnfltr - ok 19:24:52.0284 2720 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 19:24:52.0300 2720 vpcusb - ok 19:24:52.0300 2720 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys 19:24:52.0300 2720 vpcuxd - ok 19:24:52.0315 2720 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 19:24:52.0315 2720 vpcvmm - ok 19:24:52.0315 2720 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:24:52.0331 2720 vsmraid - ok 19:24:52.0346 2720 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:24:52.0378 2720 VSS - ok 19:24:52.0378 2720 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:24:52.0393 2720 vwifibus - ok 19:24:52.0393 2720 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:24:52.0424 2720 W32Time - ok 19:24:52.0424 2720 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:24:52.0440 2720 WacomPen - ok 19:24:52.0440 2720 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:24:52.0471 2720 WANARP - ok 19:24:52.0471 2720 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:24:52.0487 2720 Wanarpv6 - ok 19:24:52.0502 2720 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:24:52.0518 2720 wbengine - ok 19:24:52.0518 2720 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:24:52.0534 2720 WbioSrvc - ok 19:24:52.0549 2720 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:24:52.0565 2720 wcncsvc - ok 19:24:52.0565 2720 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:24:52.0580 2720 
WcsPlugInService - ok 19:24:52.0580 2720 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:24:52.0580 2720 Wd - ok 19:24:52.0596 2720 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:24:52.0612 2720 Wdf01000 - ok 19:24:52.0612 2720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:24:52.0643 2720 WdiServiceHost - ok 19:24:52.0643 2720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:24:52.0658 2720 WdiSystemHost - ok 19:24:52.0658 2720 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:24:52.0674 2720 WebClient - ok 19:24:52.0674 2720 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:24:52.0705 2720 Wecsvc - ok 19:24:52.0705 2720 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:24:52.0736 2720 wercplsupport - ok 19:24:52.0736 2720 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:24:52.0752 2720 WerSvc - ok 19:24:52.0752 2720 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:24:52.0783 2720 WfpLwf - ok 19:24:52.0783 2720 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:24:52.0783 2720 WIMMount - ok 19:24:52.0783 2720 WinDefend - ok 19:24:52.0799 2720 WinHttpAutoProxySvc - ok 19:24:52.0799 2720 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:24:52.0830 2720 Winmgmt - ok 19:24:52.0846 2720 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:24:52.0877 2720 WinRM - ok 19:24:52.0892 2720 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:24:52.0892 2720 WinUsb - ok 19:24:52.0908 2720 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:24:52.0924 2720 Wlansvc - ok 19:24:52.0924 2720 [ 
F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:24:52.0939 2720 WmiAcpi - ok 19:24:52.0939 2720 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:24:52.0955 2720 wmiApSrv - ok 19:24:52.0955 2720 WMPNetworkSvc - ok 19:24:52.0955 2720 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:24:52.0970 2720 WPCSvc - ok 19:24:52.0970 2720 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:24:52.0986 2720 WPDBusEnum - ok 19:24:52.0986 2720 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:24:53.0017 2720 ws2ifsl - ok 19:24:53.0017 2720 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:24:53.0033 2720 wscsvc - ok 19:24:53.0033 2720 WSearch - ok 19:24:53.0048 2720 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:24:53.0080 2720 wuauserv - ok 19:24:53.0080 2720 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:24:53.0095 2720 WudfPf - ok 19:24:53.0095 2720 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:24:53.0111 2720 WUDFRd - ok 19:24:53.0111 2720 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:24:53.0126 2720 wudfsvc - ok 19:24:53.0126 2720 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:24:53.0142 2720 WwanSvc - ok 19:24:53.0142 2720 ================ Scan global =============================== 19:24:53.0142 2720 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:24:53.0142 2720 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:24:53.0158 2720 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:24:53.0158 2720 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:24:53.0173 2720 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] 
C:\Windows\system32\services.exe
19:24:53.0173 2720 [Global] - ok
19:24:53.0173 2720 ================ Scan MBR ==================================
19:24:53.0173 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:24:53.0236 2720 \Device\Harddisk0\DR0 - ok
19:24:53.0236 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:24:53.0236 2720 \Device\Harddisk1\DR1 - ok
19:24:53.0236 2720 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
19:24:53.0236 2720 \Device\Harddisk6\DR6 - ok
19:24:53.0236 2720 ================ Scan VBR ==================================
19:24:53.0251 2720 [ 009BE44882C7BAADDB318C6B78B7990A ] \Device\Harddisk0\DR0\Partition1
19:24:53.0251 2720 \Device\Harddisk0\DR0\Partition1 - ok
19:24:53.0251 2720 [ DA8EE6D43CAC3948FDE15BA028DD5218 ] \Device\Harddisk6\DR6\Partition1
19:24:53.0251 2720 \Device\Harddisk6\DR6\Partition1 - ok
19:24:53.0251 2720 ============================================================
19:24:53.0251 2720 Scan finished
19:24:53.0251 2720 ============================================================
19:24:53.0251 2176 Detected object count: 0
19:24:53.0251 2176 Actual detected object count: 0
19:25:05.0840 2244 Deinitialize success
|
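The TDSSKiller output above came through the forum export with its line breaks collapsed, which makes the parts that matter (anything not marked "- ok", service entries with no hashed image, and the MBR/VBR hash per disk) hard to pick out by eye. The Python script below is an added example written for this page; it is not part of the poster's logs and not a TDSSKiller component. It splits the text on the "HH:MM:SS.ffff <pid>" stamp that starts every record, so a flattened log and the original file parse alike, then pairs each hashed entry with its status line and reports the points an analyst checks first. The embedded sample is constructed: a handful of records copied from the log above, plus one invented "ExampleSvc" record with a made-up hash, path and status wording ("detected ( ... )"), because the posted log contains no detection and TDSSKiller's exact wording for a non-ok result is not visible on this page; the parser treats any status other than "ok" as a finding.

```python
"""Parse TDSSKiller output and pull out what an analyst checks first. Records
are split on the 'HH:MM:SS.ffff <pid>' stamp, not on newlines, so a log whose
line breaks were lost (as in the forum export above) parses unchanged."""
import re
from collections import defaultdict

# Constructed sample: records copied from the TDSSKiller output posted above, run
# together on one line as the forum export shows them. The 'ExampleSvc' record is
# made up (hash, name, path, status wording); the posted log has no detection.
SAMPLE_LOG = (
    r"19:24:50.0240 2720 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe "
    r"19:24:50.0240 2720 SamSs - ok "
    r"19:24:52.0081 2720 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe "
    r"19:24:52.0081 2720 VaultSvc - ok "
    r"19:24:51.0410 2720 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys "
    r"19:24:51.0442 2720 Tcpip - ok "
    r"19:24:51.0457 2720 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys "
    r"19:24:51.0488 2720 TCPIP6 - ok "
    r"19:24:50.0443 2720 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe "
    r"19:24:50.0459 2720 Secunia PSI Agent - ok "
    r"19:24:52.0783 2720 WinDefend - ok "
    r"19:24:53.0300 2720 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleSvc C:\Windows\system32\example.sys "
    r"19:24:53.0300 2720 ExampleSvc - detected ( Constructed.Test.Signature ) "
    r"19:24:53.0173 2720 ================ Scan MBR ================================== "
    r"19:24:53.0173 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 "
    r"19:24:53.0236 2720 \Device\Harddisk0\DR0 - ok "
    r"19:24:53.0236 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 "
    r"19:24:53.0236 2720 \Device\Harddisk1\DR1 - ok "
    r"19:24:53.0236 2720 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6 "
    r"19:24:53.0236 2720 \Device\Harddisk6\DR6 - ok "
)

STAMP = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+")
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.*)$")
STATUS = re.compile(r"^(.*\S)\s+-\s+(\S.*)$")
SECTION = re.compile(r"^=+\s*(.*?)\s*=*$")
# Names may contain spaces ("Secunia PSI Agent"): the path starts at the first drive letter or \Device prefix after whitespace.
PATH_START = re.compile(r"\s+(?=[A-Za-z]:\\|\\Device\\)")

def split_records(text):
    """Yield (timestamp, pid, body) per record, independent of line breaks."""
    stamps = list(STAMP.finditer(text))
    for i, m in enumerate(stamps):
        end = stamps[i + 1].start() if i + 1 < len(stamps) else len(text)
        body = text[m.end():end].strip()
        if body:
            yield m.group(1), m.group(2), body

def parse_tdsskiller(text):
    """Return one dict per scanned object: name, path, md5, status, section."""
    records, order, section = {}, [], "services"
    for _ts, _pid, body in split_records(text):
        sec = SECTION.match(body)            # '==== Scan MBR ====' divider
        if sec:
            section = sec.group(1) or section
            continue
        if body.startswith("[Global]"):      # summary line of the global scan
            continue
        hashed = HASHED.match(body)
        if hashed:
            md5, rest = hashed.group(1).upper(), hashed.group(2)
            parts = PATH_START.split(rest, maxsplit=1)
            name = parts[0]
            path = parts[1] if len(parts) == 2 else name  # MBR/VBR/global: path only
            if name not in records:
                order.append(name)
            records[name] = {"name": name, "path": path, "md5": md5, "status": None, "section": section}
            continue
        st = STATUS.match(body)
        if st:
            name, status = st.groups()
            if name not in records:          # status line without a hashed image
                order.append(name)
                records[name] = {"name": name, "path": None, "md5": None, "status": None, "section": section}
            records[name]["status"] = status
    return [records[n] for n in order]

def findings(records):
    """Non-ok statuses, entries with no hashed image, names sharing one image
    hash (normal for lsass.exe), and one hash seen under different paths."""
    not_ok = [(r["name"], r["status"]) for r in records if r["status"] not in (None, "ok")]
    unhashed = [r["name"] for r in records if r["md5"] is None]
    names, paths = defaultdict(list), defaultdict(set)
    for r in records:
        if r["md5"] and r["section"] == "services":
            names[r["md5"]].append(r["name"])
            paths[r["md5"]].add(r["path"].lower())    # drivers\ vs DRIVERS\ is the same file
    multi_path = {h: sorted(p) for h, p in paths.items() if len(p) > 1}
    return {"not_ok": not_ok, "unhashed": unhashed, "names_by_hash": dict(names), "multi_path": multi_path}

def boot_sector_hashes(records, section="Scan MBR"):
    """Device -> hash for the MBR scan (pass section='Scan VBR' for the VBRs)."""
    return {r["name"]: r["md5"] for r in records if r["section"] == section}

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for key, value in findings(recs).items():
        print(f"{key}: {value}")
    for dev, h in boot_sector_hashes(recs).items():
        print(f"MBR {dev}: {h}")
```

Run it with the saved TDSSKiller log in place of SAMPLE_LOG. In the posted log, Harddisk0 and Harddisk1 carry the same MBR hash and Harddisk6 a different one; the script makes that comparison mechanical, but whether a given hash is known-good for the installed Windows version is a lookup it does not perform.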
24.02.2013, 18:50 | #4 |
| Here are the logs from the non-infected machine; if anything, it would have been the Gamarue viruses that were involved. Code:
Exportierte Ereignisse:

23.02.2013 17:41 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' enthielt einen Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 56b97214.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.

23.02.2013 17:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 17:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 17:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 17:40 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' enthielt einen Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 17:40 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' enthielt einen Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 17:39 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 17:38 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 16:23 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\RechnungOnline Monat.eml' enthielt einen Virus oder unerwünschtes Programm 'BDS/Androm.EB.43' [backdoor].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ignoriert.

23.02.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\{SYBOL}_foto.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.2' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

23.02.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\{SYBOL}_foto.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.2' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:56 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(1).zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Winlock.JX' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 15:56 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\foto {SYBOL}.zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Winlock.JX' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 15:56 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(3).zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Winlock.JX' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 15:56 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(2).zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Winlock.JX' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

23.02.2013 15:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(2).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(3).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(1).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(3).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

23.02.2013 15:54 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(2).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

23.02.2013 15:54 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(1).zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

23.02.2013 15:54 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\foto {SYBOL}.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.1' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

I have already sent the viruses. Edited by DommLix (24.02.2013 at 19:45) Reason: remark on CH341... |
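As an added example (my own code, not from the thread or from Avira), here is a small parser and triage for the Avira event export posted above: it splits the export into detection events and reports which files were actually deleted or quarantined and which were only blocked or ignored and are therefore still on disk. The sample input is a constructed subset of the entries above; the function names and the disposition labels are my own.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the Avira "Exportierte Ereignisse" entries posted above,
# in the export's own wording (German, as the scanner writes it) and with its file names.
SAMPLE = r"""Exportierte Ereignisse:

23.02.2013 17:41 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' enthielt einen Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 56b97214.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.

23.02.2013 17:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\CH341DriverX64.zip' wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Driverunsign' [riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 16:23 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\RechnungOnline Monat.eml' enthielt einen Virus oder unerwünschtes Programm 'BDS/Androm.EB.43' [backdoor].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ignoriert.

23.02.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\{SYBOL}_foto.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.2' [worm] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

23.02.2013 15:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Ich\Downloads\{SYBOL}_foto.zip' wurde ein Virus oder unerwünschtes Programm 'WORM/Gamarue.EB.2' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23.02.2013 15:56 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Ich\Downloads\foto {SYBOL}(1).zip' enthielt einen Virus oder unerwünschtes Programm 'TR/Winlock.JX' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.
"""

TIMESTAMP = r"\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}"

# One detection event. Matching runs on whitespace-normalised text, so it works both on
# the original multi-line export and on the flattened copy a forum post turns it into.
EVENT_RE = re.compile(
    r"(?P<ts>" + TIMESTAMP + r") \[(?P<module>[^\]]+)\] Malware gefunden "
    r"(?:In der Datei|Die Datei) '(?P<path>[^']+)' "
    r"(?:wurde ein|enthielt einen) Virus oder unerwünschtes Programm "
    r"'(?P<signature>[^']+)' \[(?P<category>[^\]]+)\](?: gefunden)?\. "
    r"(?:Ausgeführte Aktion|Durchgeführte Aktion\(en\)): (?P<action>.+?)"
    r"(?= " + TIMESTAMP + r" \[|$)"
)


def parse_avira_export(text):
    """Return the detection events in export order (newest first) as dicts."""
    flat = " ".join(text.split())
    events = []
    for m in EVENT_RE.finditer(flat):
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M")
        events.append(ev)
    return events


def disposition(action):
    """Map the scanner's action text to what it means for the file on disk."""
    a = action.lower()
    if "gelöscht" in a or "quarantäne" in a:
        return "removed"   # deleted, or moved into the .qua quarantine store
    if "ignoriert" in a:
        return "ignored"   # the hit was logged and the file left in place
    if "zugriff verweigern" in a:
        return "blocked"   # that one access was denied; the file is still there
    return "pending"       # e.g. "Übergeben an Scanner": handed to the on-demand scanner


def triage(events):
    """Per file: signatures seen, number of hits, and whether any event removed it.
    One 'removed' event wins over any number of 'blocked' or 'ignored' ones."""
    report = {}
    for ev in events:
        entry = report.setdefault(ev["path"], {"signatures": set(), "state": "present", "hits": 0})
        entry["signatures"].add(ev["signature"])
        entry["hits"] += 1
        if disposition(ev["action"]) == "removed":
            entry["state"] = "removed"
    return report


def still_present(events):
    """Paths that were detected but never deleted or quarantined: the follow-up list."""
    return sorted(path for path, e in triage(events).items() if e["state"] == "present")


if __name__ == "__main__":
    for path in still_present(parse_avira_export(SAMPLE)):
        print("still on disk:", path)
```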
25.02.2013, 18:18 | #5 |
/// Malware-holic | hi, I don't quite understand: the Avira logs are from the non-infected PC? Why?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
27.02.2013, 10:00 | #6 |
| My wife also received "such" mails at the same time and deleted them after opening them... Avira Free AV is installed on the machine; perhaps it cannot find the virus in the mail. Regards, DommLix. OT: I know that I am not allowed to use Avira for business purposes... Where can I find out whether I should buy Avira Professional or another virus scanner? |
27.02.2013, 13:20 | #7 |
/// Malware-holic | I will give you information on other AV software later. Do the symptoms occur on the company PC?
27.02.2013, 13:29 | #8 |
| Yes, the symptoms are on the PC with Outlook and with the opened e-mail. |
27.02.2013, 15:44 | #9 |
/// Malware-holic | hi, scan with ComboFix
01.03.2013, 08:09 | #10 |
| Hello Markus, ComboFix ran through without problems; here is the log: Code:
ComboFix 13-02-26.01 - Design 01.03.2013 7:53.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8132.7007 [GMT 1:00]
ausgeführt von:: c:\users\Design\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Design\AppData\Roaming\Roaming
c:\users\Design\AppData\Roaming\Roaming\Microsoft\Windows\Libraries\desktop.ini
c:\users\Design\AppData\Roaming\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
c:\users\Design\AppData\Roaming\Roaming\Microsoft\Windows\Libraries\Music.library-ms
c:\users\Design\AppData\Roaming\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
c:\users\Design\AppData\Roaming\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
c:\windows\IsUn0804.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-01 bis 2013-03-01 ))))))))))))))))))))))))))))))
.
.
2013-03-01 06:55 . 2013-03-01 06:55 -------- d-----w- c:\users\Omm\AppData\Local\temp
2013-03-01 06:55 . 2013-03-01 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-01 06:55 . 2013-03-01 06:55 -------- d-----w- c:\users\Admi\AppData\Local\temp
2013-02-26 11:28 . 2013-02-26 11:27 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-26 11:27 . 2013-02-26 11:27 -------- d-----w- c:\program files (x86)\Java
2013-02-24 20:51 . 2013-02-24 20:51 -------- d-----w- c:\users\Design\AppData\Local\Programs
2013-02-24 20:49 . 2013-02-24 20:49 -------- d-----w- c:\users\Design\AppData\Roaming\Malwarebytes
2013-02-24 15:57 . 2013-02-24 15:57 -------- d-----w- c:\users\Admi\AppData\Roaming\Malwarebytes
2013-02-24 15:57 . 2013-02-24 15:57 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 15:57 . 2013-02-24 15:57 -------- d-----w- c:\users\Admi\AppData\Local\Programs
2013-02-24 12:13 . 2013-02-24 12:13 -------- d-----w- c:\users\Omm\AppData\Roaming\IrfanView
2013-02-17 19:36 . 2013-02-17 19:36 -------- d-----w- c:\users\Omm\NSU
2013-02-17 15:36 . 2013-02-17 15:36 -------- d-----w- c:\users\Omm\AppData\Roaming\Winamp
2013-02-13 12:39 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:39 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:33 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 10:33 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 10:33 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 10:33 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 10:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 10:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 10:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 10:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 10:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 10:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 10:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 10:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 10:42 . 2013-02-11 10:43 -------- d-----w- c:\program files (x86)\GUMFE4B.tmp
2013-02-10 19:27 . 2009-09-27 08:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll
2013-02-10 19:27 . 2005-07-14 11:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll
2013-02-10 19:27 . 2004-02-22 09:11 719872 ----a-w- c:\windows\SysWow64\devil.dll
2013-02-10 19:27 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2013-02-10 19:27 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll
2013-02-10 19:27 . 2013-02-10 19:27 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2013-02-09 17:26 . 2013-02-09 17:26 -------- d-----w- c:\users\Omm\AppData\Roaming\EPSON
2013-02-09 11:00 . 2013-02-09 11:00 -------- d-----w- c:\users\Admi\AppData\Local\Secunia PSI
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 13:12 . 2012-08-26 16:20 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 13:12 . 2012-08-26 16:20 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 11:27 . 2012-06-13 10:53 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-26 11:27 . 2012-06-13 10:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-13 12:40 . 2012-06-12 21:16 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 10:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 15:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:38 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 12:07 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 12:07 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 12:07 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:07 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 12:07 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 12:07 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 12:07 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 12:07 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 12:07 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 12:07 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 12:07 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 12:07 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 12:07 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 12:07 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 12:07 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 12:07 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 12:07 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 12:07 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 12:07 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:07 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 12:07 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:07 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:07 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:07 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:07 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:07 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:07 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:07 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 12:07 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:07 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:07 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 12:07 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-02 16:10 . 2012-12-02 16:10 53248 ----a-r- c:\users\Design\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NSA_Status.exe - Verknüpfung.lnk - c:\program files (x86)\ZyXEL\Status\NSA_Status.exe [2012-9-9 257024]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [2011-03-25 607256]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [2011-03-25 607256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 204288]
R4 cpuz135;cpuz135;c:\users\Design\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [2011-03-25 22552]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 17:42 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 12:22 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 13:12]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 15:37]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 15:37]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{9DD33A7C-78D8-4340-B85B-B3B54DA4860B}: NameServer = 192.168.13.200
FF - ProfilePath - c:\users\Design\AppData\Roaming\Mozilla\Firefox\Profiles\a8iowecd.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-01 07:58:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-01 06:58
.
Vor Suchlauf: 9 Verzeichnis(se), 66.373.459.968 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 66.714.583.040 Bytes frei
.
- - End Of File - - 32C38FB68C187E8673B86F927C83EBB5 |
01.03.2013, 17:14 | #11 |
/// Malware-holic | Hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write "notwendig" (necessary); behind every one you do not need, "unnötig" (unnecessary); behind those unknown to you, "unbekannt" (unknown). Post the list.
01.03.2013, 17:39 | #12 |
| Code:
7-Zip 9.20 13.06.2012 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00 MB 11.6.602.171 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00 MB 11.6.602.171 notwendig
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 21.02.2013 123 MB 10.1.6 notwendig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 20.06.2012 22,7 MB 3.0.851.0 unbekannt
Audiograbber 1.83 SE Audiograbber 26.08.2012 1.83 SE unnötig
Audiograbber MP3-Plugin AG 26.08.2012 1.0 unbekannt
Avira Free Antivirus Avira 15.11.2012 125 MB 12.1.9.1236 notwendig
Canon Utilities Digital Photo Professional 3.11 Canon Inc. 13.06.2012 3.11.26.0 notwendig
CCleaner Piriform 24.07.2012 3.21 notwendig
CDBurnerXP CDBurnerXP 26.08.2012 12,3 MB 4.4.1.3341 notwendig
CorelDRAW Essentials X5 Corel Corporation 19.01.2013 0,99 GB 15.2.0.686 notwendig
DivX-Setup DivX, LLC 13.06.2012 2.6.1.9 unbekannt
Epson Copy Utility 3.5 20.06.2012 3.5.0.0 notwendig
EPSON Scan 13.06.2012 notwendig
Google Chrome Google Inc. 25.11.2012 25.0.1364.97 notwendig
Intel Processor Diagnostic Tool 64Bit Intel Corporation 17.08.2012 11,3 MB 14.0.0 unnötig
IrfanView (remove only) Irfan Skiljan 09.11.2012 2,00 MB 4.35 notwendig
Java 7 Update 15 Oracle 26.02.2013 130 MB 7.0.150 notwendig
JavaFX 2.1.1 Oracle Corporation 13.06.2012 20,8 MB 2.1.1 unbekannt
Logitech Webcam-Software Logitech Inc. 02.12.2012 2.51 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.06.2012 38,8 MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.06.2012 2,93 MB 4.0.30319 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 20.08.2012 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 13.06.2012 50,6 MB 5.1.10411.0 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 13.06.2012 788 KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13.06.2012 788 KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 13.06.2012 2,10 MB 9.0.30411 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13.06.2012 600 KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 17.08.2012 13,8 MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.06.2012 16,5 MB 10.0.40219 unbekannt
Mozilla Firefox 19.0 (x86 de) Mozilla 26.02.2013 43,6 MB 19.0 notwendig
Mozilla Maintenance Service Mozilla 26.02.2013 330 KB 19.0 notwendig
NAS Starter Utility ZyXEL 08.09.2012 notwendig
Notepad++ 25.10.2012 6.2 notwendig
OpenOffice.org 3.4.1 Apache Software Foundation 03.11.2012 309 MB 3.41.9593 notwendig
Secunia PSI (3.0.0.4001) Secunia 02.11.2012 5,81 MB 3.0.0.4001 notwendig
Skype™ 6.0 Skype Technologies S.A. 27.11.2012 20,3 MB 6.0.126 notwendig
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 eRightSoft 10.02.2013 54,0 MB v2012.build.54 unnötig
VLC media player 2.0.5 VideoLAN 19.01.2013 2.0.5 notwendig
Winamp Nullsoft, Inc 13.08.2012 5.63 notwendig
Windows XP Mode Microsoft Corporation 15.08.2012 1,13 GB 1.3.7600.16422 notwendig |
01.03.2013, 17:44 | #13 |
/// Malware-holic | Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download the latest version and install it. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan checkbox. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Security (Enhanced): tick "Enable Enhanced Security" and select all files. Internet: everything here should be disabled; it is very insecure to open, download etc. PDFs automatically. It is always better to save them directly, since that is the only way to keep control over what happens on the PC. JavaScript: untick "Enable Acrobat JavaScript". Updater: choose "install automatically". Apply / OK. Uninstall: Audiograbber (both), DivX, SUPER. Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
01.03.2013, 21:10 | #14
Hi, I accidentally ran AdwCleaner before reinstalling the Adobe programs. After installing and configuring the programs I let it "delete" once more (2nd log file), but it does not seem to have found anything else.
1st log (after uninstalling) Code:
# AdwCleaner v2.113 - Datei am 01/03/2013 um 18:20:50 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Admi - CELSIUS2
# Bootmodus : Normal
# Ausgeführt unter : E:\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Design\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Omm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Admi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1467 octets] - [01/03/2013 18:20:50]

########## EOF - \AdwCleaner[S1].txt - [1527 octets] ##########
Code:
# AdwCleaner v2.113 - Datei am 01/03/2013 um 20:59:44 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Admi - CELSIUS2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Omm\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Design\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Omm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Admi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [938 octets] - [01/03/2013 20:59:44]

########## EOF - \AdwCleaner[S1].txt - [997 octets] ##########
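As an added example (not code from this thread, nor from AdwCleaner's authors): a small parser for the AdwCleaner v2 report format seen in the two logs above. It undoes the Mac-Roman mojibake the board rendered ("¸" for ü, "ˆ" for ö), collects what each run deleted per section, and compares two deletion runs so that entries a later run had to delete again stand out. The two sample reports are constructed from the logs in this post.

```python
import re

# Constructed AdwCleaner v2 reports modelled on this thread's two runs, kept in the board's Mac-Roman mojibake ("¸" = ü, "ˆ" = ö).
SAMPLE_RUN_1 = r"""# AdwCleaner v2.113 - Datei am 01/03/2013 um 18:20:50 erstellt
# Benutzer : Admi - CELSIUS2
# Ausgef¸hrt unter : E:\adwcleaner.exe
***** [Registrierungsdatenbank] *****
Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
***** [Internet Browser] *****
[OK] Die Registrierungsdatenbank ist sauber.
"""
SAMPLE_RUN_2 = r"""# AdwCleaner v2.113 - Datei am 01/03/2013 um 20:59:44 erstellt
# Benutzer : Admi - CELSIUS2
***** [Registrierungsdatenbank] *****
"""

MOJIBAKE = re.compile(r"[¸ˆ]")
SECTION = re.compile(r"^\*+ \[(.+?)\] \*+$")        # ***** [Registrierungsdatenbank] *****
ACTION = re.compile(r"^(\S+) Gelöscht : (.+)$")     # Schlüssel Gelöscht : HKLM\...
HEADER = re.compile(r"^# (.+?) : (.+)$")            # # Benutzer : Admi - CELSIUS2

def repair_encoding(text):
    """Undo a cp1252 report displayed as Mac Roman; text without the markers is untouched."""
    if not MOJIBAKE.search(text):
        return text
    try:
        return text.encode("mac_roman").decode("cp1252")
    except UnicodeError:  # some other corruption: leave the text alone
        return text

def parse_adwcleaner(text):
    """Return (header fields, {section: [(kind, target), ...]}) for one report."""
    header, removed, section = {}, {}, "?"
    for line in repair_encoding(text).splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := ACTION.match(line):
            removed.setdefault(section, []).append((m.group(1), m.group(2)))
    return header, removed

def removed_entries(text):
    return [t for entries in parse_adwcleaner(text)[1].values() for _, t in entries]

def reappeared(first, second):
    """Targets deleted in the first run that a later run had to delete again."""
    return sorted(set(removed_entries(first)) & set(removed_entries(second)))
```

An empty `removed_entries` for the second run is the "nothing more found" outcome described above; a non-empty `reappeared` would mean something on the machine is re-creating the deleted keys.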
03.03.2013, 20:24 | #15
/// Malware-holic
Hi, HitmanPro - Download - Filepony. Download HitmanPro, double-click, License, Trial license. Delete nothing on the scan. Export the log as XML and post it, or zip it and attach it.