Log analysis and evaluation: TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen, computer freezes (Firefox), Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.05.2013, 21:48 | #1
TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen, computer freezes (Firefox)

Hello everyone, first of all many thanks that such forum options exist for noobs like me.... AFTER I ran a routine scan with Avira on 09.05 and this scan detected TR/Dropper.Gen (Pic2) (quarantine -> Pic1), my computer now always hangs in Firefox, goes completely silent and no longer reacts to anything. As can be seen from the pictures, I have also had TR/Crypt.EPACK.Gen2 (Pic3) in quarantine since Dec 2012. I would be very grateful for guiding, rescuing help. I'm frustrated right now, because with this new setup I finally thought I was doing it right with regular (daily) updates and scans.... The log files follow. Btw, when do I re-enable the defogger thing? Thanks and regards, Helge

Code:
ATTFilter OTL logfile created on: 10/05/2013 21:07:16 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AJ\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.37% Memory free 6.00 Gb Paging File | 5.08 Gb Available in Paging File | 84.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88.62 Gb Total Space | 58.12 Gb Free Space | 65.58% Space Free | Partition Type: NTFS Computer Name: TRASHER | User Name: AJ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/10 20:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe PRC - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\HelperService.exe PRC - [2013/04/08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\ConversionService.exe PRC - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013/03/27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\taskhost.exe PRC - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2012/11/22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/08/11 18:49:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/14 19:37:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/14 19:37:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/14 19:37:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/21 01:59:32 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PRC - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - [2013/04/24 09:59:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/04/15 00:09:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | 
Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2013/04/08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012/05/14 19:37:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/14 19:37:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/12/28 00:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2012/12/13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2012/11/22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/05/14 19:37:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/14 19:37:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) 
[File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/12/15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/10/14 19:25:10 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- 
(s3cap) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2006/11/27 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=a0cd22d70000000000000016cfe134ab IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 CE DF 72 2D D9 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = 
hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=a0cd22d70000000000000016cfe134ab IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23 FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/04/09 21:48:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013/05/06 18:29:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/15 00:09:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/24 15:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/15 00:09:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/28 19:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\Extensions [2013/05/08 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\Firefox\Profiles\4al20v81.default\extensions [2013/04/30 17:07:40 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\googledictionary@toptip.ca.xpi [2013/04/24 20:20:39 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2013/05/08 18:57:45 | 000,870,680 | 
---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/02/28 19:14:01 | 000,001,294 | ---- | M] () -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\searchplugins\delta.xml [2013/04/15 00:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/04/15 00:09:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/04/15 00:09:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/02/28 19:13:23 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013/04/15 00:09:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/04/15 00:09:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/04/15 00:09:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/04/15 00:09:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/04/15 00:09:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program 
Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED59C9B6-8E58-4863-8DE1-1932F54CED2F}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/10 20:40:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe [2013/05/10 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\AJ\Tools [2013/05/06 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\AJ\Documents\PDF Architect Files [2013/05/06 18:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2013/05/06 18:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect [2013/05/06 18:29:20 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\pdfforge [2013/05/06 18:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013/05/06 18:29:15 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\Windows\System32\pdfcmon.dll [2013/05/06 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013/05/06 18:26:53 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\Programs [2013/05/03 19:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/04/24 15:27:28 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\Thunderbird [2013/04/24 15:27:28 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\Thunderbird [2013/04/24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program 
Files\Mozilla Thunderbird [2013/04/24 14:27:30 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\PokerStars.EU [2013/04/24 14:27:29 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU [2013/04/24 14:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU [2013/04/24 14:02:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/24 13:24:47 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\vlc [2013/04/24 13:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/04/24 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013/04/24 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/04/15 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/04/10 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock [2013/04/10 21:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\FreeAlarmClock ========== Files - Modified Within 30 Days ========== [2013/05/10 21:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/10 21:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/10 21:05:47 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2013/05/10 20:54:38 | 000,377,856 | ---- | M] () -- C:\Users\AJ\Desktop\gmer_2.1.19163.exe [2013/05/10 20:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe [2013/05/10 20:39:00 | 000,000,000 | ---- | M] () -- C:\Users\AJ\defogger_reenable [2013/05/10 20:24:13 | 000,022,441 | ---- | M] () -- C:\Users\AJ\Desktop\pic3.PNG [2013/05/10 20:23:34 | 000,066,739 | ---- | M] () -- C:\Users\AJ\Desktop\pic1.PNG [2013/05/10 20:23:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/10 20:23:22 | 000,014,016 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/10 20:22:43 | 000,023,893 | ---- | M] () -- C:\Users\AJ\Desktop\pic2.PNG [2013/05/06 18:23:09 | 000,645,988 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/06 18:23:09 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/06 18:23:09 | 000,130,152 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/06 18:23:09 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/04/27 17:24:36 | 000,018,440 | ---- | M] () -- C:\Users\AJ\Documents\Trinkrezepte.odt [2013/04/24 14:45:42 | 000,001,507 | ---- | M] () -- C:\Users\AJ\Desktop\Home.lnk [2013/04/24 14:45:14 | 000,000,174 | ---- | M] () -- C:\Users\AJ\Desktop\Brücke.lnk [2013/04/24 11:17:28 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/05/10 20:54:36 | 000,377,856 | ---- | C] () -- C:\Users\AJ\Desktop\gmer_2.1.19163.exe [2013/05/10 20:39:00 | 000,000,000 | ---- | C] () -- C:\Users\AJ\defogger_reenable [2013/05/10 20:24:13 | 000,022,441 | ---- | C] () -- C:\Users\AJ\Desktop\pic3.PNG [2013/05/10 20:23:33 | 000,066,739 | ---- | C] () -- C:\Users\AJ\Desktop\pic1.PNG [2013/05/10 20:22:43 | 000,023,893 | ---- | C] () -- C:\Users\AJ\Desktop\pic2.PNG [2013/04/27 17:24:34 | 000,018,440 | ---- | C] () -- C:\Users\AJ\Documents\Trinkrezepte.odt [2013/04/24 15:27:24 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013/04/24 14:41:47 | 000,001,507 | ---- | C] () -- C:\Users\AJ\Desktop\Home.lnk [2013/04/24 14:39:23 | 000,000,174 | ---- | C] () -- C:\Users\AJ\Desktop\Brücke.lnk [2012/01/23 19:14:26 | 000,645,988 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012/01/23 19:14:26 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012/01/23 19:14:26 | 000,130,152 | ---- | C] () -- C:\Windows\System32\perfc007.dat 
[2012/01/23 19:14:26 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012/01/23 19:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/01/22 21:26:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012/01/22 21:25:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/02/28 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\Babylon [2012/12/11 20:07:19 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\CheckPoint [2013/05/06 18:29:20 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\pdfforge [2013/04/24 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10/05/2013 20:42:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AJ\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 68.28% Memory free 6.00 Gb Paging File | 4.51 Gb Available in Paging File | 75.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88.62 Gb Total Space | 58.10 Gb Free Space | 65.57% Space Free | Partition Type: NTFS Computer Name: TRASHER | User Name: AJ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00ABD04B-A060-47D3-950A-F570AECE2409}" = rport=10243 | protocol=6 | dir=out | app=system | "{012463E2-F3EA-48BC-8DFA-77543C228222}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0ADD48EF-9B16-4DDE-B80A-DF1D19870893}" = rport=139 | protocol=6 | dir=out | app=system | "{2178AAC3-72B8-4BEE-B9B1-09B89513F3A8}" = rport=137 | protocol=17 | dir=out | app=system | "{30A38F0C-C6A4-409E-B7E8-248CBCF54E71}" = lport=10243 | protocol=6 | dir=in | app=system | "{33FECB37-11E9-4A29-86B4-8B99EAB2EB5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3543812B-B12B-4D57-8564-83412FFEF633}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4680EEE8-2D76-4F90-9E40-5B7E1EC46B02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D3F4C39-C2B1-4980-9329-F4ACDA6CEE8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{66EFDC84-158F-4D03-B493-E3E4B1198390}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{78C134C0-A74D-4647-88F2-9BFEB6D228C6}" = lport=2869 | protocol=6 | dir=in | app=system | "{AB07E669-7576-463D-A8AE-DBEFA9C9BEC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ABBF1550-7997-4D77-8EC7-76FC027CF094}" = rport=138 | protocol=17 | dir=out | app=system | "{C347766E-BFF8-4D0B-B86E-8ABC633D80AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C85E1973-5E6D-4D85-9821-C769CA30CE26}" = lport=445 | protocol=6 | dir=in | app=system | "{D172C79D-FF95-4195-A7AB-2171A7A04871}" = rport=445 | protocol=6 | dir=out | app=system | "{D9F87314-7E4E-4A19-8E41-370EC494140D}" = lport=138 | protocol=17 | dir=in | app=system | "{E204231F-3FD0-4CC1-A6D9-77BADF806E09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED68C18C-68A4-491F-9436-4BBA0D05010C}" = lport=139 | protocol=6 | dir=in | app=system | "{F308B5BD-3E08-47A3-9B0B-E0E8212322CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3F216B3-5FBF-4044-91CC-DDC6019603EC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7C38FC6-9B8F-42C1-9383-2B4BCD32F450}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{164FE3A0-8F3B-4D07-9A7F-5FAA4A1262B0}" = protocol=6 | dir=out | app=system | 
"{17244EB5-4D52-40A7-8E0B-AC3766A8D731}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EC51D46-BFE8-4F5C-931D-6CDBF8040274}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{242115A6-FCB8-4ED0-BDCB-3D8389E59837}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{36772BF9-CEC3-4260-A39B-9029A48ECEED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{371E7D7E-FE97-4360-8D77-3A3DB877E629}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{4A4F2ABF-279D-4F77-8555-648C87D23FF2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5B10A036-2CDA-4167-8366-16A5849908C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{708961B1-69C5-4D3E-B403-9B52C96D8B26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{82AFC2CA-378E-4E69-8654-47CFE0C25848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B562CD4-62F9-401D-A45C-A028F7BF7299}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8D12490F-02E6-4FAD-A3BC-FBCEE8457799}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{954BEF8D-933A-4913-BBC8-CE424520B16F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9E9601F6-AACE-423F-BCC5-3EB5BB299C18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A685F1E0-9B1D-4D38-A931-8F2841060A79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC296525-515C-4253-BF1C-503111A84CDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BA7211C9-059D-41C9-8224-DAA6AC31FD8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BC832549-2D48-45BF-A916-3A2E94BCBBDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DB0FD85E-2B0A-45B0-B302-0B9F68AA2119}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EBDA3F50-70C8-47E6-8AB7-A6A30BE98712}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F47EBABF-B781-48AE-ABF2-584A1C3FC479}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{FA8B721B-3846-47E3-864E-FE57565240BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security "{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.0 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PokerStars.eu" = PokerStars.eu "Power Management Driver" = ThinkPad Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver "VLC media player" = VLC media player 
2.0.6 "Winamp" = Winamp "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/12/2012 14:20:06 | Computer Name = AJ-PC | Source = Application Hang | ID = 1002 Description = The program chrome.exe version 23.0.1271.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: df0 Start Time: 01cdd7ca67c59f7f Termination Time: 14 Application Path: C:\Users\AJ\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: 47c9b9dd-43bf-11e2-afca-0016cfe134ab Error - 02/03/2013 03:08:39 | Computer Name = AJ-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\checkpoint\Install\Clean_tool64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 02/03/2013 03:08:41 | Computer Name = AJ-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\checkpoint\Install\Clean_tool64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 14/03/2013 13:29:46 | Computer Name = AJ-PC | Source = MsiInstaller | ID = 11310 Description = Error - 09/04/2013 15:47:37 | Computer Name = AJ-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'ZoneAlarm LTD Toolbar IswSvc' could not be shut down. Error - 09/04/2013 15:47:37 | Computer Name = AJ-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'ZoneAlarm LTD Toolbar IswSvc' could not be shut down. Error - 16/04/2013 15:20:16 | Computer Name = AJ-PC | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee Faulting module name: xul.dll, version: 20.0.1.4847, time stamp: 0x51650a09 Exception code: 0xc0000005 Fault offset: 0x000b10e8 Faulting process id: 0xab4 Faulting application start time: 0x01ce3aad965af7eb Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: ab0514f3-a6ca-11e2-a8bf-0016cfe134ab Error - 27/04/2013 18:04:27 | Computer Name = Trasher | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee Faulting module name: xul.dll, version: 20.0.1.4847, time stamp: 0x51650a09 Exception code: 0xc0000005 Fault offset: 0x000b10e8 Faulting process id: 0xf7c Faulting application start time: 0x01ce435af57f18fe Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: 6d1be188-af86-11e2-9f3a-0016cfe134ab Error - 28/04/2013 13:00:00 | Computer Name = Trasher | Source = Windows Backup | ID = 4103 Description = Error - 05/05/2013 13:00:01 | Computer Name = Trasher | Source = Windows Backup | ID = 4103 Description = [ System Events ] Error - 02/05/2013 11:21:48 | Computer Name = Trasher | Source = volsnap | ID = 393241 Description 
= The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 08/05/2013 12:45:30 | Computer Name = Trasher | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 08/05/2013 12:48:48 | Computer Name = Trasher | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect. Error - 08/05/2013 12:48:48 | Computer Name = Trasher | Source = Service Control Manager | ID = 7000 Description = The Windows Defender service failed to start due to the following error: %%1053 Error - 08/05/2013 17:35:10 | Computer Name = Trasher | Source = EventLog | ID = 6008 Description = The previous system shutdown at 11:32:56 PM on ?08/?05/?2013 was unexpected. Error - 08/05/2013 17:35:01 | Computer Name = Trasher | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 09/05/2013 00:55:35 | Computer Name = Trasher | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:52:12 AM on ?09/?05/?2013 was unexpected. Error - 09/05/2013 00:55:26 | Computer Name = Trasher | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. 
Error - 10/05/2013 12:12:38 | Computer Name = Trasher | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 10/05/2013 14:17:27 | Computer Name = Trasher | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:15:09 PM on ?10/?05/?2013 was unexpected. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-10 22:22:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS721010G9SA00 rev.MCZIC10V 93.16GB Running: gmer_2.1.19163.exe; Driver: C:\Users\AJ\AppData\Local\Temp\uxddipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8EC5D8AA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x8E82E082] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8E82E94A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8EC7685A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8EC5E324] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x8E82DAD8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8EC5E894] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8E827334] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8E8491DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8EC5E782] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x8E82E5E2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x8E842F1C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x8E843344] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateSection [0x8E84D96E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8EC5E9AC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8EC5DEDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8EC5E04A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x8E8437B8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x8E82E740] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8EC5ED6C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8E828070] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8E84ACCE] SSDT 
\SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8E84A580] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8EC5E366] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x8E841CFC] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x8E821D46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8E84B760] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8E84B99E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8E84BE50] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwMapViewOfSection [0x8E84DD2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8EC746AC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8EC5E926] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8E827C22] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8EC5E80E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x8E845430] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8EC5F1AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8EC5EA3E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x8E84501E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x8E85A340] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8EC5EB7A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8EC748A4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQuerySection [0x8EC5F6F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8EC5EFFE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x8E84C838] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8E84C11A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8EC76648] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8EC76596] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x8E82D67C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8E84D29E] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8EC5FC10] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x8E82DDA4] SSDT 8F048803 ZwSetContextThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8E82847C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x8E85A204] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8EC5EC18] SSDT 8F04880D ZwSetSecurityObject SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x8E821410] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8E849CA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8EC5F934] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8EC5FA6E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSystemDebugControl [0x8E844042] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwTerminateProcess [0x8E843D72] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8EC5DBDA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x8E822198] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8EC5F5A8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8EC5DD70] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81A8DA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AC71F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 81ACE22C 4 Bytes [AA, D8, C5, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 81ACE254 8 Bytes [82, E0, 82, 8E, 4A, E9, 82, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 81ACE298 4 Bytes [5A, 68, C7, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 81ACE2C4 4 Bytes [24, E3, C5, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 81ACE2E8 4 Bytes [D8, DA, 82, 8E] .text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F215000, 0x23097E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1728] USER32.dll!GetUpdateRect + CF 75A4A644 5 Bytes JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\BTHUSB \Device\00000074 bthport.sys Device \Driver\BTHUSB \Device\00000076 bthport.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfe134ab Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfe134ab (not active ControlSet) ---- EOF - GMER 2.1 ---- Edited by chaoshelge (10.05.2013 at 22:13) Reason: posting in CODE tags |
10.05.2013, 22:02 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) Hello and
Quote:
Or is this by any chance an office/company PC or a university computer? Do you have any more logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
10.05.2013, 22:16 | #3 |
| TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) Thanks for the hint.
I got the computer from my brother-in-law, who works in int. management... Regarding the OTL Extras log files, I have to say that I ran the first scan without "right-click, administrator rights". Then I deleted those two files. Ran a new scan with right-click. Then I only had the OTL log, but no Extras anymore. So I restored the Extras files. I hope that hasn't undermined the effort. Regards |
10.05.2013, 22:21 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) That doesn't really answer my question, though, whether a virus scanner ever found anything.
Please always post log files in CODE tags |
10.05.2013, 22:26 | #5 |
| TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) Well, I've had the computer since November. Apart from the two logged ones, I'm not aware of any. |
10.05.2013, 22:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) OK, that's a usable statement! Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder for my thread. Annoying "when do we continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. Now please run Combofix: Scan with Combofix
10.05.2013, 22:58 | #7 |
| TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) Code:
ATTFilter ComboFix 13-05-10.03 - AJ 10/05/2013 23:39:45.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.1121 [GMT 2:00] Running from: c:\users\AJ\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-04-10 to 2013-05-10 ))))))))))))))))))))))))))))))) . . 2013-05-10 21:50 . 2013-05-10 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 20:27 . 2013-05-10 20:27 -------- d-----w- c:\program files\7-Zip 2013-05-10 18:32 . 2013-05-10 20:27 -------- d-----w- c:\users\AJ\Tools 2013-05-06 16:29 . 2013-05-06 16:30 -------- d-----w- c:\program files\PDF Architect 2013-05-06 16:29 . 2013-05-06 16:29 -------- d-----w- c:\users\AJ\AppData\Roaming\pdfforge 2013-05-06 16:29 . 2013-04-09 13:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll 2013-05-06 16:29 . 2012-05-05 09:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2013-05-06 16:29 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2013-05-06 16:29 . 2013-05-06 16:30 -------- d-----w- c:\program files\PDFCreator 2013-05-06 16:29 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2013-05-06 16:29 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2013-05-06 16:29 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL 2013-05-06 16:29 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL 2013-05-06 16:26 . 
2013-05-06 16:26 -------- d-----w- c:\users\AJ\AppData\Local\Programs 2013-05-03 17:29 . 2013-05-03 17:29 -------- d-----w- c:\program files\Common Files\Skype 2013-04-29 09:07 . 2013-04-29 09:09 -------- d-----w- c:\users\Guest 2013-04-24 13:27 . 2013-04-24 13:27 -------- d-----w- c:\users\AJ\AppData\Roaming\Thunderbird 2013-04-24 13:27 . 2013-04-24 13:27 -------- d-----w- c:\users\AJ\AppData\Local\Thunderbird 2013-04-24 13:27 . 2013-04-24 13:27 -------- d-----w- c:\program files\Mozilla Thunderbird 2013-04-24 12:27 . 2013-04-24 12:29 -------- d-----w- c:\users\AJ\AppData\Local\PokerStars.EU 2013-04-24 12:27 . 2013-04-24 12:28 -------- d-----w- c:\program files\PokerStars.EU 2013-04-24 11:24 . 2013-04-24 11:29 -------- d-----w- c:\users\AJ\AppData\Roaming\vlc 2013-04-24 11:23 . 2013-04-24 11:23 -------- d-----w- c:\program files\VideoLAN 2013-04-24 09:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2013-04-24 09:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-04-24 08:56 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41335CF6-0FF5-46FC-9B49-7F7B8806F3C7}\mpengine.dll 2013-04-24 08:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-04-24 08:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2013-04-24 08:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2013-04-24 08:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll 2013-04-24 08:50 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll 2013-04-24 08:50 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2013-04-24 08:50 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2013-04-24 08:50 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2013-04-24 08:50 . 
2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2013-04-24 08:50 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2013-04-24 08:50 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll 2013-04-24 08:49 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll 2013-04-24 08:49 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-04-24 08:48 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-24 08:48 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-24 08:48 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-24 08:48 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-24 08:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-04-24 08:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll 2013-04-24 08:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-04-24 08:46 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll 2013-04-24 08:46 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll 2013-04-24 08:36 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll 2013-04-24 08:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2013-04-24 08:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2013-04-24 08:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2013-04-24 08:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2013-04-24 08:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2013-04-24 08:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2013-04-24 08:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2013-04-24 08:11 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2013-04-24 08:11 . 
2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2013-04-24 08:07 . 2013-04-24 08:07 -------- d-----w- c:\program files\Common Files\Java 2013-04-24 08:07 . 2013-04-24 08:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-24 08:07 . 2012-09-07 17:24 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-24 08:07 . 2012-02-14 18:02 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-24 07:59 . 2012-04-12 18:19 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-24 07:59 . 2012-01-22 18:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-11 23:10 . 2012-01-22 17:53 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-04-14 22:09 . 2013-04-14 22:09 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper 
Service;c:\program files\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [x] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - UXDDIPOC *Deregistered* - uxddipoc . Contents of the 'Scheduled Tasks' folder . 2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=a0cd22d70000000000000016cfe134ab IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\ FF - ExtSQL: 2013-04-09 21:48; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker FF - ExtSQL: 2013-04-24 19:20; googledictionary@toptip.ca; c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\extensions\googledictionary@toptip.ca.xpi FF - ExtSQL: 2013-04-24 20:20; quickdrag@mozilla.ktechcomputing.com; c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi FF - ExtSQL: 2013-05-06 18:29; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\PDF Architect\FFPDFArchitectExt FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - a0cd22d70000000000000016cfe134ab FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15764 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: 
extensions.delta.vrsnTs - 1.8.10.018:13 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=743f799b4f704713a609397cbaca5950&tu=10GX0007U2B0008&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - a0cd22d70000000000000016cfe134ab FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 15804 FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11 FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1121:45 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1025 FF - user.js: extensions.zonealarm.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base2013 FF - user.js: extensions.zonealarm.instlRef - ZLN25546142391619-1001 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - true FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - 
hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=743f799b4f704713a609397cbaca5950&tu=10GX0007U2B0008&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - false . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(524) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . 
- - - - - - - > 'Explorer.exe'(7456) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . Completion time: 2013-05-10 23:55:21 ComboFix-quarantined-files.txt 2013-05-10 21:55 . Pre-Run: 61,851,701,248 bytes free Post-Run: 63,026,700,288 bytes free . - - End Of File - - 7A1B2905B84789388672B7BCD9E42EC4 |
10.05.2013, 23:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Two security programs very rarely get along with each other; besides, you can forget about the ZoneAlarm firewall, the Windows one meets all security requirements. Please uninstall ZoneAlarm completely and let me know when that is done.
__________________ Please always post logfiles in CODE tags |
10.05.2013, 23:19 | #9 |
| ZA is uninstalled. |
12.05.2013, 19:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop. Do not start any other file in this folder without instructions from a helper.

aswMBR: Please download aswMBR.exe and save the file to your desktop. Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
12.05.2013, 20:59 | #11 |
| Hello, thanks for sticking with it... I ran the first program, no findings and no scan necessary. Avast then aborted in the middle of the scan. W7 offered to search the web for a solution, and that was it. Now I am unsure whether I should still carry out the last step anyway. Regards, Helge |
12.05.2013, 21:19 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is exactly why there was a specific note at the end of the aswMBR instructions
12.05.2013, 21:34 | #13 |
| Sorry... Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.161000 GHz Memory total: 3219578880, free: 2134323200 ------------ Kernel report ------------ 05/12/2013 21:02:27 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\pcmcia.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys 
\SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\ssmdrv.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys 
\SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\e1e6232.sys \SystemRoot\system32\DRIVERS\netw5v32.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\nscirda.sys \SystemRoot\system32\drivers\irenum.sys \SystemRoot\system32\drivers\tpm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\ibmpmdrv.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\ADIHdAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys 
\SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\irda.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\wininet.dll \Windows\System32\msctf.dll \Windows\System32\ws2_32.dll \Windows\System32\rpcrt4.dll \Windows\System32\Wldap32.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\urlmon.dll \Windows\System32\imagehlp.dll \Windows\System32\kernel32.dll \Windows\System32\oleaut32.dll \Windows\System32\imm32.dll \Windows\System32\advapi32.dll \Windows\System32\normaliz.dll \Windows\System32\psapi.dll \Windows\System32\clbcatq.dll \Windows\System32\ole32.dll \Windows\System32\msvcrt.dll \Windows\System32\nsi.dll \Windows\System32\shell32.dll \Windows\System32\user32.dll \Windows\System32\gdi32.dll \Windows\System32\usp10.dll 
\Windows\System32\shlwapi.dll \Windows\System32\setupapi.dll \Windows\System32\sechost.dll \Windows\System32\comdlg32.dll \Windows\System32\iertutil.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff855b37a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff8554a030 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.05.12.05 Downloaded database version: v2013.05.07.01 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff855b37a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff855b33d8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff855b37a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85081848, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8554a030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffffa85ad6a8, 0xffffffff855b37a0, 0xffffffff84acaac8 Lower DeviceData: 0xffffffffa8564a08, 0xffffffff8554a030, 0xffffffff84aca3a0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... 
<<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: D6719FEF Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 185839857 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 185839920 Numsec = 9525600 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 100030242816 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-12 22:22:45 ----------------------------- 22:22:45.232 OS Version: Windows 6.1.7601 Service Pack 1 22:22:45.232 Number of processors: 2 586 0xE08 22:22:45.232 ComputerName: TRASHER UserName: AJ 22:22:45.762 Initialize success 22:23:01.066 AVAST engine defs: 13051200 22:23:08.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 22:23:08.429 Disk 0 Vendor: HTS721010G9SA00 MCZIC10V Size: 95396MB BusType: 3 22:23:08.616 Disk 0 MBR read successfully 22:23:08.616 Disk 0 MBR scan 22:23:08.632 Disk 0 Windows 7 default MBR code 22:23:08.647 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90742 MB offset 63 22:23:08.678 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4651 MB offset 185839920 22:23:08.725 Disk 0 scanning sectors +195365520 22:23:08.772 Disk 0 scanning C:\Windows\system32\drivers 22:23:24.403 Service scanning 22:24:04.480 Modules scanning 22:24:17.599 Disk 0 trace - called modules: 22:24:17.631 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 22:24:17.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855b37a0] 22:24:17.646 3 CLASSPNP.SYS[8b39f59e] -> nt!IofCallDriver -> [0x85081848] 22:24:17.662 5 ACPI.sys[8a8973d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8554a030] 22:24:17.677 Scan finished successfully 22:24:46.116 Disk 0 MBR has been saved successfully to "C:\Users\AJ\Desktop\MBR.dat" 22:24:46.116 The log file has been saved successfully to "C:\Users\AJ\Desktop\aswMBR.txt" Code:
ATTFilter 22:27:06.0812 5864 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:27:07.0124 5864 ============================================================ 22:27:07.0124 5864 Current date / time: 2013/05/12 22:27:07.0124 22:27:07.0124 5864 SystemInfo: 22:27:07.0124 5864 22:27:07.0124 5864 OS Version: 6.1.7601 ServicePack: 1.0 22:27:07.0124 5864 Product type: Workstation 22:27:07.0124 5864 ComputerName: TRASHER 22:27:07.0124 5864 UserName: AJ 22:27:07.0124 5864 Windows directory: C:\Windows 22:27:07.0124 5864 System windows directory: C:\Windows 22:27:07.0124 5864 Processor architecture: Intel x86 22:27:07.0124 5864 Number of processors: 2 22:27:07.0124 5864 Page size: 0x1000 22:27:07.0124 5864 Boot type: Normal boot 22:27:07.0124 5864 ============================================================ 22:27:08.0216 5864 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 22:27:08.0216 5864 ============================================================ 22:27:08.0216 5864 \Device\Harddisk0\DR0: 22:27:08.0216 5864 MBR partitions: 22:27:08.0216 5864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB13B0F1 22:27:08.0216 5864 ============================================================ 22:27:08.0232 5864 C: <-> \Device\Harddisk0\DR0\Partition1 22:27:08.0232 5864 ============================================================ 22:27:08.0232 5864 Initialize success 22:27:08.0232 5864 ============================================================ 22:27:18.0949 4348 ============================================================ 22:27:18.0949 4348 Scan started 22:27:18.0949 4348 Mode: Manual; SigCheck; TDLFS; 22:27:18.0949 4348 ============================================================ 22:27:19.0308 4348 ================ Scan system memory ======================== 22:27:19.0308 4348 System memory - ok 22:27:19.0308 4348 
================ Scan services ============================= 22:27:19.0526 4348 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:27:19.0651 4348 1394ohci - ok 22:27:19.0713 4348 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:27:19.0760 4348 ACPI - ok 22:27:19.0869 4348 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:27:19.0963 4348 AcpiPmi - ok 22:27:20.0025 4348 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 22:27:20.0103 4348 ADIHdAudAddService - ok 22:27:20.0213 4348 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 22:27:20.0244 4348 AdobeARMservice - ok 22:27:20.0322 4348 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:27:20.0369 4348 AdobeFlashPlayerUpdateSvc - ok 22:27:20.0431 4348 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:27:20.0462 4348 adp94xx - ok 22:27:20.0493 4348 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:27:20.0509 4348 adpahci - ok 22:27:20.0540 4348 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:27:20.0556 4348 adpu320 - ok 22:27:20.0603 4348 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE 22:27:20.0634 4348 AEADIFilters - ok 22:27:20.0665 4348 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:27:20.0712 4348 AeLookupSvc - ok 22:27:20.0759 4348 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 22:27:20.0837 4348 AFD - ok 22:27:20.0883 4348 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 22:27:20.0915 4348 agp440 - ok 22:27:20.0961 4348 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx 
C:\Windows\system32\DRIVERS\djsvs.sys
22:27:20.0993 4348 aic78xx - ok
22:27:21.0039 4348 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:27:21.0086 4348 ALG - ok
22:27:21.0102 4348 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:27:21.0117 4348 aliide - ok
22:27:21.0133 4348 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:27:21.0149 4348 amdagp - ok
22:27:21.0164 4348 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:27:21.0180 4348 amdide - ok
22:27:21.0211 4348 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:27:21.0258 4348 AmdK8 - ok
22:27:21.0273 4348 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:27:21.0305 4348 AmdPPM - ok
22:27:21.0336 4348 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:27:21.0351 4348 amdsata - ok
22:27:21.0414 4348 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:27:21.0445 4348 amdsbs - ok
22:27:21.0476 4348 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:27:21.0492 4348 amdxata - ok
22:27:21.0554 4348 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:27:21.0601 4348 AntiVirSchedulerService - ok
22:27:21.0601 4348 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:27:21.0617 4348 AntiVirService - ok
22:27:21.0663 4348 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:27:21.0726 4348 AppID - ok
22:27:21.0773 4348 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:27:21.0819 4348 AppIDSvc - ok
22:27:21.0851 4348 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:27:21.0882 4348 Appinfo - ok
22:27:21.0929 4348 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:27:21.0944 4348 AppMgmt - ok
22:27:22.0007 4348 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:27:22.0022 4348 arc - ok
22:27:22.0038 4348 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:27:22.0053 4348 arcsas - ok
22:27:22.0069 4348 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:22.0209 4348 AsyncMac - ok
22:27:22.0241 4348 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:27:22.0256 4348 atapi - ok
22:27:22.0303 4348 [ 2039E24FE00639A9123DCD6F22D42D74 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:27:22.0412 4348 Ati External Event Utility - ok
22:27:22.0599 4348 [ D2E9ACB68FA61C911CC21E07F87705BF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:22.0787 4348 atikmdag - ok
22:27:22.0833 4348 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:22.0896 4348 AudioEndpointBuilder - ok
22:27:22.0911 4348 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:27:22.0943 4348 Audiosrv - ok
22:27:22.0974 4348 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:27:22.0989 4348 avgntflt - ok
22:27:23.0036 4348 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:27:23.0052 4348 avipbb - ok
22:27:23.0067 4348 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:27:23.0083 4348 avkmgr - ok
22:27:23.0130 4348 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:27:23.0192 4348 AxInstSV - ok
22:27:23.0239 4348 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:27:23.0286 4348 b06bdrv - ok
22:27:23.0317 4348 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:27:23.0333 4348 b57nd60x - ok
22:27:23.0379 4348 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:27:23.0426 4348 BDESVC - ok
22:27:23.0442 4348 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:27:23.0489 4348 Beep - ok
22:27:23.0551 4348 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:27:23.0613 4348 BFE - ok
22:27:23.0660 4348 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
22:27:23.0723 4348 BITS - ok
22:27:23.0738 4348 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:27:23.0769 4348 blbdrive - ok
22:27:23.0816 4348 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:27:23.0879 4348 bowser - ok
22:27:23.0910 4348 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:27:24.0003 4348 BrFiltLo - ok
22:27:24.0019 4348 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:27:24.0050 4348 BrFiltUp - ok
22:27:24.0081 4348 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:27:24.0128 4348 BridgeMP - ok
22:27:24.0175 4348 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:27:24.0206 4348 Browser - ok
22:27:24.0253 4348 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:27:24.0269 4348 Brserid - ok
22:27:24.0300 4348 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:24.0331 4348 BrSerWdm - ok
22:27:24.0347 4348 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:24.0378 4348 BrUsbMdm - ok
22:27:24.0393 4348 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:24.0425 4348 BrUsbSer - ok
22:27:24.0487 4348 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:27:24.0549 4348 BthEnum - ok
22:27:24.0565 4348 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:27:24.0596 4348 BTHMODEM - ok
22:27:24.0643 4348 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:27:24.0674 4348 BthPan - ok
22:27:24.0721 4348 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:27:24.0737 4348 BTHPORT - ok
22:27:24.0783 4348 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:27:24.0815 4348 bthserv - ok
22:27:24.0830 4348 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:27:24.0861 4348 BTHUSB - ok
22:27:24.0986 4348 catchme - ok
22:27:25.0017 4348 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:27:25.0080 4348 cdfs - ok
22:27:25.0142 4348 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:27:25.0173 4348 cdrom - ok
22:27:25.0236 4348 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:27:25.0298 4348 CertPropSvc - ok
22:27:25.0345 4348 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:27:25.0376 4348 circlass - ok
22:27:25.0407 4348 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:27:25.0439 4348 CLFS - ok
22:27:25.0517 4348 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:25.0548 4348 clr_optimization_v2.0.50727_32 - ok
22:27:25.0563 4348 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:25.0595 4348 CmBatt - ok
22:27:25.0610 4348 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:27:25.0626 4348 cmdide - ok
22:27:25.0673 4348 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:27:25.0704 4348 CNG - ok
22:27:25.0751 4348 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:27:25.0782 4348 Compbatt - ok
22:27:25.0829 4348 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:27:25.0860 4348 CompositeBus - ok
22:27:25.0875 4348 COMSysApp - ok
22:27:25.0907 4348 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:27:25.0922 4348 crcdisk - ok
22:27:25.0953 4348 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:27:25.0985 4348 CryptSvc - ok
22:27:26.0016 4348 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
22:27:26.0063 4348 CSC - ok
22:27:26.0094 4348 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
22:27:26.0141 4348 CscService - ok
22:27:26.0172 4348 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:27:26.0234 4348 DcomLaunch - ok
22:27:26.0281 4348 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:27:26.0343 4348 defragsvc - ok
22:27:26.0406 4348 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:27:26.0453 4348 DfsC - ok
22:27:26.0499 4348 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:27:26.0546 4348 Dhcp - ok
22:27:26.0577 4348 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:27:26.0624 4348 discache - ok
22:27:26.0671 4348 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:27:26.0687 4348 Disk - ok
22:27:26.0718 4348 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:27:26.0749 4348 Dnscache - ok
22:27:26.0796 4348 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:27:26.0858 4348 dot3svc - ok
22:27:26.0905 4348 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:27:26.0936 4348 DPS - ok
22:27:26.0999 4348 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:27:27.0045 4348 drmkaud - ok
22:27:27.0108 4348 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:27:27.0170 4348 DXGKrnl - ok
22:27:27.0233 4348 [ E1EEE3216482DB7DB5666125C3969CD0 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
22:27:27.0264 4348 e1express - ok
22:27:27.0311 4348 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:27:27.0357 4348 EapHost - ok
22:27:27.0513 4348 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:27:27.0607 4348 ebdrv - ok
22:27:27.0638 4348 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:27:27.0669 4348 EFS - ok
22:27:27.0763 4348 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:27:27.0810 4348 ehRecvr - ok
22:27:27.0857 4348 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:27:27.0872 4348 ehSched - ok
22:27:27.0935 4348 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:27:27.0981 4348 elxstor - ok
22:27:27.0997 4348 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:27:28.0013 4348 ErrDev - ok
22:27:28.0075 4348 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:27:28.0153 4348 EventSystem - ok
22:27:28.0169 4348 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:27:28.0215 4348 exfat - ok
22:27:28.0231 4348 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:27:28.0278 4348 fastfat - ok
22:27:28.0325 4348 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:27:28.0387 4348 Fax - ok
22:27:28.0418 4348 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:27:28.0434 4348 fdc - ok
22:27:28.0465 4348 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:27:28.0527 4348 fdPHost - ok
22:27:28.0527 4348 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:27:28.0590 4348 FDResPub - ok
22:27:28.0605 4348 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:27:28.0621 4348 FileInfo - ok
22:27:28.0637 4348 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:27:28.0668 4348 Filetrace - ok
22:27:28.0699 4348 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:28.0715 4348 flpydisk - ok
22:27:28.0730 4348 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:27:28.0761 4348 FltMgr - ok
22:27:28.0824 4348 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
22:27:28.0871 4348 FontCache - ok
22:27:28.0949 4348 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:28.0980 4348 FontCache3.0.0.0 - ok
22:27:29.0011 4348 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:27:29.0027 4348 FsDepends - ok
22:27:29.0042 4348 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:27:29.0058 4348 Fs_Rec - ok
22:27:29.0105 4348 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:27:29.0136 4348 fvevol - ok
22:27:29.0151 4348 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:27:29.0167 4348 gagp30kx - ok
22:27:29.0214 4348 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:27:29.0276 4348 gpsvc - ok
22:27:29.0307 4348 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:27:29.0354 4348 hcw85cir - ok
22:27:29.0401 4348 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:27:29.0432 4348 HdAudAddService - ok
22:27:29.0448 4348 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:27:29.0479 4348 HDAudBus - ok
22:27:29.0495 4348 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:27:29.0541 4348 HidBatt - ok
22:27:29.0573 4348 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:27:29.0588 4348 HidBth - ok
22:27:29.0651 4348 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:27:29.0697 4348 HidIr - ok
22:27:29.0729 4348 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
22:27:29.0775 4348 hidserv - ok
22:27:29.0838 4348 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:27:29.0885 4348 HidUsb - ok
22:27:29.0931 4348 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:27:29.0978 4348 hkmsvc - ok
22:27:30.0025 4348 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:27:30.0056 4348 HomeGroupListener - ok
22:27:30.0103 4348 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:27:30.0134 4348 HomeGroupProvider - ok
22:27:30.0165 4348 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:27:30.0181 4348 HpSAMD - ok
22:27:30.0275 4348 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:27:30.0337 4348 HSF_DPV - ok
22:27:30.0368 4348 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:27:30.0399 4348 HSXHWAZL - ok
22:27:30.0446 4348 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:27:30.0493 4348 HTTP - ok
22:27:30.0524 4348 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:27:30.0540 4348 hwpolicy - ok
22:27:30.0587 4348 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:27:30.0649 4348 i8042prt - ok
22:27:30.0711 4348 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:27:30.0743 4348 iaStorV - ok
22:27:30.0789 4348 [ BF648877413F6160E480814A24942B65 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:27:30.0805 4348 IBMPMDRV - ok
22:27:30.0805 4348 [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
22:27:30.0821 4348 IBMPMSVC - ok
22:27:30.0914 4348 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:30.0961 4348 idsvc - ok
22:27:31.0008 4348 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:27:31.0023 4348 iirsp - ok
22:27:31.0086 4348 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:27:31.0148 4348 IKEEXT - ok
22:27:31.0179 4348 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:27:31.0195 4348 intelide - ok
22:27:31.0242 4348 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:27:31.0257 4348 intelppm - ok
22:27:31.0304 4348 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:27:31.0335 4348 IPBusEnum - ok
22:27:31.0351 4348 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:31.0429 4348 IpFilterDriver - ok
22:27:31.0476 4348 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:27:31.0538 4348 iphlpsvc - ok
22:27:31.0569 4348 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:27:31.0616 4348 IPMIDRV - ok
22:27:31.0663 4348 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:27:31.0725 4348 IPNAT - ok
22:27:31.0741 4348 [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda C:\Windows\system32\DRIVERS\irda.sys
22:27:31.0835 4348 irda - ok
22:27:31.0850 4348 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:27:31.0897 4348 IRENUM - ok
22:27:31.0928 4348 [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon C:\Windows\System32\irmon.dll
22:27:31.0959 4348 Irmon - ok
22:27:32.0006 4348 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:27:32.0037 4348 isapnp - ok
22:27:32.0069 4348 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:27:32.0100 4348 iScsiPrt - ok
22:27:32.0131 4348 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:32.0147 4348 kbdclass - ok
22:27:32.0162 4348 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:27:32.0193 4348 kbdhid - ok
22:27:32.0209 4348 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:27:32.0225 4348 KeyIso - ok
22:27:32.0287 4348 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
22:27:32.0318 4348 KL1 - ok
22:27:32.0318 4348 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
22:27:32.0334 4348 kl2 - ok
22:27:32.0381 4348 [ 46FA00BEF951762919B66269371C22AF ] KLIF C:\Windows\system32\DRIVERS\klif.sys
22:27:32.0396 4348 KLIF - ok
22:27:32.0427 4348 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:27:32.0443 4348 KSecDD - ok
22:27:32.0474 4348 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:27:32.0490 4348 KSecPkg - ok
22:27:32.0537 4348 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:27:32.0630 4348 KtmRm - ok
22:27:32.0677 4348 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
22:27:32.0739 4348 LanmanServer - ok
22:27:32.0755 4348 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:27:32.0786 4348 LanmanWorkstation - ok
22:27:32.0849 4348 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:27:32.0895 4348 lltdio - ok
22:27:32.0942 4348 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:27:32.0973 4348 lltdsvc - ok
22:27:32.0989 4348 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:27:33.0036 4348 lmhosts - ok
22:27:33.0067 4348 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:27:33.0098 4348 LSI_FC - ok
22:27:33.0098 4348 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:27:33.0114 4348 LSI_SAS - ok
22:27:33.0129 4348 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:27:33.0145 4348 LSI_SAS2 - ok
22:27:33.0176 4348 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:27:33.0192 4348 LSI_SCSI - ok
22:27:33.0192 4348 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:27:33.0239 4348 luafv - ok
22:27:33.0270 4348 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:27:33.0301 4348 Mcx2Svc - ok
22:27:33.0317 4348 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:27:33.0332 4348 mdmxsdk - ok
22:27:33.0363 4348 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:27:33.0379 4348 megasas - ok
22:27:33.0410 4348 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:27:33.0441 4348 MegaSR - ok
22:27:33.0488 4348 Microsoft SharePoint Workspace Audit Service - ok
22:27:33.0535 4348 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:27:33.0597 4348 MMCSS - ok
22:27:33.0613 4348 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:27:33.0675 4348 Modem - ok
22:27:33.0707 4348 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:27:33.0722 4348 monitor - ok
22:27:33.0769 4348 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:27:33.0785 4348 mouclass - ok
22:27:33.0831 4348 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:27:33.0847 4348 mouhid - ok
22:27:33.0878 4348 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:27:33.0894 4348 mountmgr - ok
22:27:33.0956 4348 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:27:33.0987 4348 MozillaMaintenance - ok
22:27:34.0019 4348 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:27:34.0034 4348 mpio - ok
22:27:34.0050 4348 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:27:34.0097 4348 mpsdrv - ok
22:27:34.0143 4348 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:27:34.0206 4348 MpsSvc - ok
22:27:34.0253 4348 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:27:34.0284 4348 MRxDAV - ok
22:27:34.0331 4348 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:34.0377 4348 mrxsmb - ok
22:27:34.0393 4348 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:34.0424 4348 mrxsmb10 - ok
22:27:34.0440 4348 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:34.0487 4348 mrxsmb20 - ok
22:27:34.0533 4348 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:27:34.0565 4348 msahci - ok
22:27:34.0580 4348 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:27:34.0596 4348 msdsm - ok
22:27:34.0611 4348 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:27:34.0643 4348 MSDTC - ok
22:27:34.0689 4348 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:27:34.0721 4348 Msfs - ok
22:27:34.0736 4348 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:27:34.0783 4348 mshidkmdf - ok
22:27:34.0799 4348 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:27:34.0814 4348 msisadrv - ok
22:27:34.0877 4348 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:27:34.0923 4348 MSiSCSI - ok
22:27:34.0923 4348 msiserver - ok
22:27:34.0955 4348 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:27:35.0001 4348 MSKSSRV - ok
22:27:35.0017 4348 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:35.0064 4348 MSPCLOCK - ok
22:27:35.0095 4348 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:27:35.0157 4348 MSPQM - ok
22:27:35.0173 4348 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:27:35.0204 4348 MsRPC - ok
22:27:35.0235 4348 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:27:35.0251 4348 mssmbios - ok
22:27:35.0267 4348 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:27:35.0298 4348 MSTEE - ok
22:27:35.0313 4348 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:35.0345 4348 MTConfig - ok
22:27:35.0360 4348 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:27:35.0376 4348 Mup - ok
22:27:35.0423 4348 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:27:35.0469 4348 napagent - ok
22:27:35.0532 4348 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:27:35.0610 4348 NativeWifiP - ok
22:27:35.0657 4348 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:27:35.0688 4348 NDIS - ok
22:27:35.0703 4348 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:35.0750 4348 NdisCap - ok
22:27:35.0797 4348 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:35.0859 4348 NdisTapi - ok
22:27:35.0906 4348 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:35.0969 4348 Ndisuio - ok
22:27:36.0015 4348 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:36.0078 4348 NdisWan - ok
22:27:36.0109 4348 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:27:36.0156 4348 NDProxy - ok
22:27:36.0203 4348 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:27:36.0265 4348 NetBIOS - ok
22:27:36.0296 4348 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:27:36.0343 4348 NetBT - ok
22:27:36.0374 4348 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:27:36.0390 4348 Netlogon - ok
22:27:36.0437 4348 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:27:36.0499 4348 Netman - ok
22:27:36.0515 4348 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:27:36.0577 4348 netprofm - ok
22:27:36.0608 4348 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:36.0624 4348 NetTcpPortSharing - ok
22:27:36.0795 4348 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
22:27:36.0873 4348 netw5v32 - ok
22:27:36.0920 4348 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:27:36.0936 4348 nfrd960 - ok
22:27:36.0983 4348 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:27:37.0029 4348 NlaSvc - ok
22:27:37.0061 4348 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:27:37.0107 4348 Npfs - ok
22:27:37.0154 4348 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
22:27:37.0185 4348 NSCIRDA - ok
22:27:37.0232 4348 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:27:37.0279 4348 nsi - ok
22:27:37.0326 4348 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:27:37.0373 4348 nsiproxy - ok
22:27:37.0435 4348 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:27:37.0482 4348 Ntfs - ok
22:27:37.0497 4348 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:27:37.0544 4348 Null - ok
22:27:37.0575 4348 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:27:37.0591 4348 nvraid - ok
22:27:37.0622 4348 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:27:37.0638 4348 nvstor - ok
22:27:37.0669 4348 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:27:37.0716 4348 nv_agp - ok
22:27:37.0731 4348 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:27:37.0763 4348 ohci1394 - ok
22:27:37.0825 4348 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:37.0856 4348 ose - ok
22:27:38.0075 4348 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:27:38.0277 4348 osppsvc - ok
22:27:38.0324 4348 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:27:38.0371 4348 p2pimsvc - ok
22:27:38.0387 4348 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:27:38.0418 4348 p2psvc - ok
22:27:38.0465 4348 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:27:38.0511 4348 Parport - ok
22:27:38.0543 4348 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:27:38.0558 4348 partmgr - ok
22:27:38.0574 4348 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:27:38.0621 4348 Parvdm - ok
22:27:38.0667 4348 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:27:38.0730 4348 PcaSvc - ok
22:27:38.0761 4348 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:27:38.0777 4348 pci - ok
22:27:38.0808 4348 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:27:38.0823 4348 pciide - ok
22:27:38.0855 4348 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:38.0870 4348 pcmcia - ok
22:27:38.0886 4348 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:27:38.0901 4348 pcw - ok
22:27:38.0979 4348 [ 20372BE109FEE1C37E2D5216680DB9EB ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
22:27:39.0026 4348 PDF Architect Helper Service - ok
22:27:39.0057 4348 [ B90A279073A815A4AA2C45A09EE004FA ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
22:27:39.0089 4348 PDF Architect Service - ok
22:27:39.0135 4348 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:27:39.0182 4348 PEAUTH - ok
22:27:39.0260 4348 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:27:39.0338 4348 PeerDistSvc - ok
22:27:39.0432 4348 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:27:39.0494 4348 pla - ok
22:27:39.0557 4348 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:27:39.0619 4348 PlugPlay - ok
22:27:39.0650 4348 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:27:39.0681 4348 PNRPAutoReg - ok
22:27:39.0713 4348 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:27:39.0744 4348 PNRPsvc - ok
22:27:39.0775 4348 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:27:39.0869 4348 PolicyAgent - ok
22:27:39.0915 4348 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:27:39.0962 4348 Power - ok
22:27:39.0993 4348 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:27:40.0040 4348 PptpMiniport - ok
22:27:40.0071 4348 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:27:40.0087 4348 Processor - ok
22:27:40.0134 4348 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
22:27:40.0243 4348 ProfSvc - ok
22:27:40.0259 4348 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:40.0274 4348 ProtectedStorage - ok
22:27:40.0290 4348 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:27:40.0337 4348 Psched - ok
22:27:40.0399 4348 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:27:40.0461 4348 ql2300 - ok
22:27:40.0493 4348 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:40.0508 4348 ql40xx - ok
22:27:40.0555 4348 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:27:40.0602 4348 QWAVE - ok
22:27:40.0617 4348 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:27:40.0664 4348 QWAVEdrv - ok
22:27:40.0680 4348 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:27:40.0727 4348 RasAcd - ok
22:27:40.0789 4348 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:40.0851 4348 RasAgileVpn - ok
22:27:40.0883 4348 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:27:40.0914 4348 RasAuto - ok
22:27:40.0961 4348 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:40.0992 4348 Rasl2tp - ok
22:27:41.0039 4348 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:27:41.0085 4348 RasMan - ok
22:27:41.0101 4348 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:41.0148 4348 RasPppoe - ok
22:27:41.0163 4348 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:27:41.0210 4348 RasSstp - ok
22:27:41.0241 4348 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:27:41.0319 4348 rdbss - ok
22:27:41.0351 4348 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:41.0397 4348 rdpbus - ok
22:27:41.0429 4348 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:41.0475 4348 RDPCDD - ok
22:27:41.0507 4348 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:27:41.0538 4348 RDPDR - ok
22:27:41.0569 4348 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:27:41.0616 4348 RDPENCDD - ok
22:27:41.0631 4348 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:27:41.0678 4348 RDPREFMP - ok
22:27:41.0725 4348 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:27:41.0787 4348 RdpVideoMiniport - ok
22:27:41.0803 4348 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:27:41.0834 4348 RDPWD - ok
22:27:41.0897 4348 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:27:41.0928 4348 rdyboost - ok
22:27:41.0959 4348 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:27:42.0037 4348 RemoteAccess - ok
22:27:42.0084 4348 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:27:42.0131 4348 RemoteRegistry - ok
22:27:42.0162 4348 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:27:42.0209 4348 RFCOMM - ok
22:27:42.0240 4348 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:27:42.0287 4348 RpcEptMapper - ok
22:27:42.0318 4348 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:27:42.0380 4348 RpcLocator - ok
22:27:42.0412 4348 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
22:27:42.0443 4348 RpcSs - ok
22:27:42.0490 4348 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:27:42.0552 4348 rspndr - ok
22:27:42.0583 4348 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:27:42.0614 4348 s3cap - ok
22:27:42.0630 4348 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:27:42.0661 4348 SamSs - ok
22:27:42.0692 4348 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:27:42.0708 4348 sbp2port - ok
22:27:42.0739 4348 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:27:42.0786 4348 SCardSvr - ok
22:27:42.0786 4348 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:27:42.0833 4348 scfilter - ok
22:27:42.0895 4348 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:27:42.0973 4348 Schedule - ok
22:27:43.0004 4348 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:27:43.0036 4348 SCPolicySvc - ok
22:27:43.0067 4348 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:27:43.0098 4348 SDRSVC - ok
22:27:43.0145 4348 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:27:43.0176 4348 secdrv - ok
22:27:43.0207 4348 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:27:43.0254 4348 seclogon - ok
22:27:43.0270 4348 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:27:43.0316 4348 SENS - ok
22:27:43.0332 4348 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:27:43.0363 4348 SensrSvc - ok
22:27:43.0379 4348 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:27:43.0394 4348 Serenum - ok
22:27:43.0410 4348 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:27:43.0457 4348 Serial - ok
22:27:43.0472 4348 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:27:43.0504 4348 sermouse - ok
22:27:43.0550 4348 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:27:43.0582 4348 SessionEnv - ok
22:27:43.0613 4348 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:27:43.0644 4348 sffdisk - ok
22:27:43.0660 4348 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:27:43.0691 4348 sffp_mmc - ok
22:27:43.0722 4348 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:27:43.0738 4348 sffp_sd - ok
22:27:43.0769 4348 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:27:43.0800 4348 sfloppy - ok
22:27:43.0862 4348 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:27:43.0956 4348 SharedAccess - ok
22:27:43.0987 4348 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:44.0034 4348 ShellHWDetection - ok
22:27:44.0050 4348 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:27:44.0081 4348 sisagp - ok
22:27:44.0128 4348 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:27:44.0143 4348 SiSRaid2 - ok
22:27:44.0159 4348 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:27:44.0174 4348 SiSRaid4 - ok
22:27:44.0221 4348 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:27:44.0252 4348 SkypeUpdate - ok
22:27:44.0284 4348 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:27:44.0315 4348 Smb - ok
22:27:44.0377 4348 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:27:44.0408 4348 SNMPTRAP - ok
22:27:44.0424 4348 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:27:44.0440 4348 spldr - ok
22:27:44.0502 4348 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
22:27:44.0549 4348 Spooler - ok
22:27:44.0689 4348 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:27:44.0783 4348 sppsvc - ok
22:27:44.0814 4348 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:27:44.0845 4348 sppuinotify - ok
22:27:44.0876 4348 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:27:44.0923 4348 srv - ok
22:27:44.0954 4348 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:27:44.0986 4348 srv2 - ok
22:27:45.0048 4348 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:27:45.0079 4348 SrvHsfHDA - ok
22:27:45.0126 4348 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:27:45.0173 4348 SrvHsfV92 - ok
22:27:45.0204 4348 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:27:45.0235 4348 SrvHsfWinac - ok
22:27:45.0282 4348 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:27:45.0344 4348 srvnet - ok
22:27:45.0391 4348 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:27:45.0469 4348 SSDPSRV - ok
22:27:45.0500 4348 
[ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 22:27:45.0500 4348 ssmdrv - ok 22:27:45.0516 4348 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:27:45.0563 4348 SstpSvc - ok 22:27:45.0610 4348 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:27:45.0625 4348 stexstor - ok 22:27:45.0672 4348 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 22:27:45.0719 4348 StiSvc - ok 22:27:45.0734 4348 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:27:45.0750 4348 storflt - ok 22:27:45.0781 4348 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:27:45.0797 4348 storvsc - ok 22:27:45.0812 4348 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 22:27:45.0828 4348 swenum - ok 22:27:45.0859 4348 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 22:27:45.0953 4348 swprv - ok 22:27:45.0953 4348 Synth3dVsc - ok 22:27:46.0015 4348 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:27:46.0046 4348 SynTP - ok 22:27:46.0124 4348 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 22:27:46.0171 4348 SysMain - ok 22:27:46.0202 4348 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:27:46.0249 4348 TabletInputService - ok 22:27:46.0280 4348 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 22:27:46.0327 4348 TapiSrv - ok 22:27:46.0374 4348 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 22:27:46.0405 4348 TBS - ok 22:27:46.0468 4348 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:27:46.0530 4348 Tcpip - ok 22:27:46.0561 4348 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:27:46.0592 4348 TCPIP6 - ok 
22:27:46.0639 4348 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:27:46.0686 4348 tcpipreg - ok 22:27:46.0717 4348 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:27:46.0748 4348 TDPIPE - ok 22:27:46.0780 4348 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:27:46.0811 4348 TDTCP - ok 22:27:46.0842 4348 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:27:46.0889 4348 tdx - ok 22:27:46.0904 4348 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:27:46.0920 4348 TermDD - ok 22:27:46.0967 4348 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 22:27:47.0029 4348 TermService - ok 22:27:47.0060 4348 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 22:27:47.0092 4348 Themes - ok 22:27:47.0123 4348 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 22:27:47.0154 4348 THREADORDER - ok 22:27:47.0201 4348 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys 22:27:47.0216 4348 TPM - ok 22:27:47.0248 4348 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 22:27:47.0294 4348 TrkWks - ok 22:27:47.0372 4348 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:27:47.0435 4348 TrustedInstaller - ok 22:27:47.0482 4348 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:27:47.0544 4348 tssecsrv - ok 22:27:47.0591 4348 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:27:47.0622 4348 TsUsbFlt - ok 22:27:47.0622 4348 tsusbhub - ok 22:27:47.0684 4348 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:27:47.0731 4348 tunnel - ok 22:27:47.0762 4348 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 
C:\Windows\system32\DRIVERS\uagp35.sys 22:27:47.0778 4348 uagp35 - ok 22:27:47.0825 4348 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:27:47.0887 4348 udfs - ok 22:27:47.0934 4348 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:27:47.0965 4348 UI0Detect - ok 22:27:47.0996 4348 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:27:48.0012 4348 uliagpkx - ok 22:27:48.0043 4348 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 22:27:48.0059 4348 umbus - ok 22:27:48.0106 4348 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:27:48.0137 4348 UmPass - ok 22:27:48.0199 4348 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 22:27:48.0230 4348 UmRdpService - ok 22:27:48.0293 4348 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 22:27:48.0324 4348 upnphost - ok 22:27:48.0371 4348 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:27:48.0402 4348 usbccgp - ok 22:27:48.0449 4348 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:27:48.0496 4348 usbcir - ok 22:27:48.0511 4348 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:27:48.0527 4348 usbehci - ok 22:27:48.0558 4348 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:27:48.0589 4348 usbhub - ok 22:27:48.0605 4348 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:27:48.0636 4348 usbohci - ok 22:27:48.0667 4348 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:27:48.0714 4348 usbprint - ok 22:27:48.0761 4348 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:27:48.0792 4348 USBSTOR - ok 22:27:48.0823 4348 [ 
68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:27:48.0839 4348 usbuhci - ok 22:27:48.0870 4348 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 22:27:48.0917 4348 UxSms - ok 22:27:48.0948 4348 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 22:27:48.0964 4348 VaultSvc - ok 22:27:48.0995 4348 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:27:49.0010 4348 vdrvroot - ok 22:27:49.0057 4348 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 22:27:49.0104 4348 vds - ok 22:27:49.0151 4348 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:27:49.0229 4348 vga - ok 22:27:49.0260 4348 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:27:49.0291 4348 VgaSave - ok 22:27:49.0307 4348 VGPU - ok 22:27:49.0385 4348 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:27:49.0416 4348 vhdmp - ok 22:27:49.0447 4348 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:27:49.0463 4348 viaagp - ok 22:27:49.0478 4348 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 22:27:49.0510 4348 ViaC7 - ok 22:27:49.0541 4348 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 22:27:49.0556 4348 viaide - ok 22:27:49.0572 4348 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:27:49.0603 4348 vmbus - ok 22:27:49.0619 4348 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:27:49.0634 4348 VMBusHID - ok 22:27:49.0650 4348 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:27:49.0666 4348 volmgr - ok 22:27:49.0697 4348 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:27:49.0744 4348 volmgrx - ok 22:27:49.0759 4348 [ 
F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:27:49.0775 4348 volsnap - ok 22:27:49.0806 4348 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:27:49.0822 4348 vsmraid - ok 22:27:49.0884 4348 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 22:27:49.0978 4348 VSS - ok 22:27:50.0009 4348 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 22:27:50.0040 4348 vwifibus - ok 22:27:50.0071 4348 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 22:27:50.0134 4348 W32Time - ok 22:27:50.0165 4348 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:27:50.0180 4348 WacomPen - ok 22:27:50.0227 4348 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:27:50.0274 4348 WANARP - ok 22:27:50.0290 4348 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:27:50.0321 4348 Wanarpv6 - ok 22:27:50.0383 4348 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 22:27:50.0430 4348 wbengine - ok 22:27:50.0492 4348 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:27:50.0539 4348 WbioSrvc - ok 22:27:50.0586 4348 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:27:50.0633 4348 wcncsvc - ok 22:27:50.0664 4348 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:27:50.0695 4348 WcsPlugInService - ok 22:27:50.0726 4348 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:27:50.0742 4348 Wd - ok 22:27:50.0773 4348 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:27:50.0789 4348 Wdf01000 - ok 22:27:50.0836 4348 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:27:50.0867 4348 WdiServiceHost - ok 
22:27:50.0867 4348 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:27:50.0898 4348 WdiSystemHost - ok 22:27:50.0929 4348 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 22:27:50.0976 4348 WebClient - ok 22:27:50.0992 4348 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:27:51.0038 4348 Wecsvc - ok 22:27:51.0054 4348 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:27:51.0085 4348 wercplsupport - ok 22:27:51.0116 4348 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 22:27:51.0163 4348 WerSvc - ok 22:27:51.0210 4348 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:27:51.0257 4348 WfpLwf - ok 22:27:51.0272 4348 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:27:51.0288 4348 WIMMount - ok 22:27:51.0335 4348 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 22:27:51.0366 4348 winachsf - ok 22:27:51.0444 4348 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:27:51.0506 4348 WinDefend - ok 22:27:51.0506 4348 WinHttpAutoProxySvc - ok 22:27:51.0584 4348 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:27:51.0616 4348 Winmgmt - ok 22:27:51.0678 4348 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 22:27:51.0756 4348 WinRM - ok 22:27:51.0803 4348 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 22:27:51.0834 4348 WinUsb - ok 22:27:51.0896 4348 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:27:51.0959 4348 Wlansvc - ok 22:27:51.0990 4348 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:27:52.0037 4348 WmiAcpi - ok 22:27:52.0084 4348 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv 
C:\Windows\system32\wbem\WmiApSrv.exe 22:27:52.0115 4348 wmiApSrv - ok 22:27:52.0224 4348 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:27:52.0271 4348 WMPNetworkSvc - ok 22:27:52.0302 4348 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:27:52.0318 4348 WPCSvc - ok 22:27:52.0364 4348 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:27:52.0396 4348 WPDBusEnum - ok 22:27:52.0427 4348 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:27:52.0505 4348 ws2ifsl - ok 22:27:52.0552 4348 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 22:27:52.0567 4348 wscsvc - ok 22:27:52.0567 4348 WSearch - ok 22:27:52.0661 4348 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:27:52.0739 4348 wuauserv - ok 22:27:52.0770 4348 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:27:52.0801 4348 WudfPf - ok 22:27:52.0864 4348 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:27:52.0926 4348 WUDFRd - ok 22:27:52.0973 4348 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:27:53.0020 4348 wudfsvc - ok 22:27:53.0051 4348 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 22:27:53.0098 4348 WwanSvc - ok 22:27:53.0129 4348 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 22:27:53.0160 4348 XAudio - ok 22:27:53.0191 4348 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 22:27:53.0222 4348 XAudioService - ok 22:27:53.0254 4348 ================ Scan global =============================== 22:27:53.0300 4348 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 22:27:53.0316 4348 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:27:53.0332 4348 [ 
1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:27:53.0363 4348 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 22:27:53.0410 4348 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 22:27:53.0425 4348 [Global] - ok 22:27:53.0425 4348 ================ Scan MBR ================================== 22:27:53.0441 4348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:27:53.0706 4348 \Device\Harddisk0\DR0 - ok 22:27:53.0706 4348 ================ Scan VBR ================================== 22:27:53.0722 4348 [ 580CA3902D5F4F13236AC3E3CA42D136 ] \Device\Harddisk0\DR0\Partition1 22:27:53.0722 4348 \Device\Harddisk0\DR0\Partition1 - ok 22:27:53.0722 4348 ============================================================ 22:27:53.0722 4348 Scan finished 22:27:53.0722 4348 ============================================================ 22:27:53.0737 4124 Detected object count: 0 22:27:53.0737 4124 Actual detected object count: 0 22:33:59.0545 3848 Deinitialize success |
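The TDSSKiller log above ends with "Detected object count: 0", but it was pasted flattened onto a few very long lines, which makes it hard to eyeball. What a log reviewer actually checks first is: which entries carry a verdict other than "ok", which services appear with a verdict but no file hash (e.g. Synth3dVsc, VGPU, tsusbhub above), and which files are registered under several names (lsass.exe as SamSs and VaultSvc, tcpip.sys as Tcpip and TCPIP6, which is normal on Windows). The following Python script is an added example, not code from this thread or from Kaspersky's tool. The record layout it assumes ("HH:MM:SS.mmmm PID " prefix, "[ MD5 ] Name Path" hash lines, "Name - verdict" lines) is my reading of the log above, not documented TDSSKiller behaviour, and the sample log is constructed: a few records copied in shape from the thread plus one invented driver with a non-ok verdict so the check has something to trigger on.

```python
"""Triage helper for a TDSSKiller service/driver log (added example; not part of the thread).

Assumptions (mine, not documented TDSSKiller behaviour): every record starts with
"HH:MM:SS.mmmm PID ", a hashed entry looks like "[ MD5 ] Name Path" and a verdict
looks like "Name - ok" or "Name - <something else>". Because the log in the thread was
pasted flattened, records are split on that prefix rather than on newlines.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

_RECORD_RE = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) ")
_HASHED_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)(?: (.+))?$")
_VERDICT_RE = re.compile(r"^(\S+) - (.+)$")
_COUNT_RE = re.compile(r"Detected object count: (\d+)")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def split_records(text: str) -> Iterator[str]:
    """Yield each record body (text after the timestamp+PID prefix), with or without newlines."""
    parts = _RECORD_RE.split(text)  # [prefix, ts, pid, body, ts, pid, body, ...]
    for i in range(3, len(parts), 3):
        body = parts[i].strip()
        if body:
            yield body


def parse_log(text: str) -> Dict[str, Entry]:
    """Map service/driver/device name -> Entry, merging hash lines with verdict lines."""
    entries: Dict[str, Entry] = {}
    for body in split_records(text):
        m = _HASHED_RE.match(body)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = _VERDICT_RE.match(body)
        if m and not m.group(1).startswith("["):  # skip section verdicts such as "[Global] - ok"
            name, verdict = m.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict
    return entries


def triage(text: str) -> dict:
    """Summarise what a reviewer checks first: non-ok verdicts, hash-less entries, shared files."""
    entries = parse_log(text)
    by_path: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.path:
            by_path.setdefault(e.path, []).append(e.name)
    return {
        "entries": len(entries),
        # Anything the scanner did not mark "ok" is the first thing to look at.
        "not_ok": [(e.name, e.verdict) for e in entries.values() if e.verdict not in (None, "ok")],
        # Verdict but no hash line: the scanner had no file to hash (Synth3dVsc, VGPU in the thread).
        "no_hash": [e.name for e in entries.values() if e.md5 is None],
        # Several names on one file is normal for Windows (lsass.exe, tcpip.sys) but worth a glance:
        # a driver registered a second time under a new name would show up here too.
        "shared_files": {p: names for p, names in by_path.items() if len(names) > 1},
        "detected_object_counts": [int(n) for n in _COUNT_RE.findall(text)],
    }


SAMPLE_LOG = (
    # Records copied in shape from the thread's log, flattened onto one line as pasted there.
    "22:27:42.0630 4348 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\\Windows\\system32\\lsass.exe "
    "22:27:42.0661 4348 SamSs - ok "
    "22:27:45.0953 4348 Synth3dVsc - ok "
    "22:27:48.0948 4348 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\\Windows\\system32\\lsass.exe "
    "22:27:48.0964 4348 VaultSvc - ok "
    "22:27:53.0441 4348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \\Device\\Harddisk0\\DR0 "
    "22:27:53.0706 4348 \\Device\\Harddisk0\\DR0 - ok "
    # Constructed (not in the thread): a driver with a non-ok verdict and a matching object count.
    "22:27:49.0000 4348 [ 0123456789ABCDEF0123456789ABCDEF ] EvilDrv C:\\Windows\\system32\\drivers\\evil.sys "
    "22:27:49.0010 4348 EvilDrv - detected (constructed verdict) "
    "22:27:53.0737 4124 Detected object count: 1"
)

if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

Run against the full log from the post (pasted into a file and read with `open(...).read()`), `not_ok` should come back empty and `detected_object_counts` as `[0, 0]`, which is the same conclusion the scanner printed; the script just makes it auditable rather than relying on scrolling through hashes.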
12.05.2013, 21:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox) You posted the wrong log from MBAR
__________________ Please always post logfiles in CODE tags |
12.05.2013, 22:16 | #15 |
| TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: computer freezes (Firefox)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.12.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
AJ :: TRASHER [administrator]
12/05/2013 21:11:56
mbar-log-2013-05-12 (21-11-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25534
Time elapsed: 8 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |