| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kaspersky findet: Trojaner HEUR:Trojan.Script.GenericWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.05.2013, 16:49
| #1 |
 |  Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hallo, gestern hat Kaspersky zwei Trojaner gemeldet und den einen in die Quarantäne gesetzt. Der Andere steht auf Inaktiv. Wenn ich das richtig sehe, kommt einer davon aus Ebay. Ich habe die hier genannten Programm durchlaufen lassen: Code:
ATTFilter OTL logfile created on: 5/11/2013 5:22:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.65% Memory free 7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230.19 Gb Total Space | 185.67 Gb Free Space | 80.66% Space Free | Partition Type: NTFS Drive D: | 217.90 Gb Total Space | 217.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Anwender | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/11 17:21:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/05/22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/03/12 15:30:06 | 000,897,024 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\Conexant\SAII\SmartAudio.exe PRC - [2011/09/01 15:19:56 | 000,440,320 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe PRC - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/12/17 03:07:04 | 000,341,304 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!\IWatch.exe ========== Modules (No Company Name) ========== MOD - [2013/02/16 12:58:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll MOD - [2013/02/16 12:58:39 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\7f2bf37f8a9e93b10371fb98e1de9c6e\SmartAudio.ni.exe MOD - [2013/02/16 11:50:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/10 04:39:46 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll MOD - [2013/01/10 04:39:45 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\17d80cb05b074470c1e8d07eb3bc7a8c\Interop.CxHDAudioAPILib.ni.dll MOD - [2013/01/10 04:28:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/01/10 04:28:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 04:28:35 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013/01/10 04:28:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 04:28:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013/01/10 04:28:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/01/10 04:28:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 04:27:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 04:27:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 04:27:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/03/12 15:30:08 | 000,958,976 | ---- | M] () -- C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll MOD - [2011/02/11 16:46:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010/11/21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/04/26 22:02:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/04/10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/10/30 15:18:43 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/09/01 15:19:56 | 000,440,320 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/30 15:19:03 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/04/13 16:11:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/04/13 16:11:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/03/07 13:12:06 | 001,581,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 22:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fpcibase.sys -- (FPCIBASE) DRV:64bit: - [2009/06/10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5} IE:64bit: - HKLM\..\SearchScopes\{32B44E8F-207F-427F-91E1-0A278E8491C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5} IE - HKLM\..\SearchScopes\{32B44E8F-207F-427F-91E1-0A278E8491C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com IE - HKCU\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/26 21:55:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/26 21:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/04/10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/04/10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/04/10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/04/10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013/04/10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013/04/10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013/04/10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4:64bit: - HKLM..\RunOnce: [BrowserChoice] C:\Windows\SysNative\browserchoice.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA35DE4-8F5F-4A20-8D4E-29B3F9326D55}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/26 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/04/26 22:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/04/26 22:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/04/26 22:08:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/04/26 21:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013/04/26 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/04/26 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java ========== Files - Modified Within 30 Days ========== [2013/05/11 17:20:14 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable [2013/05/11 16:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/11 08:08:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/11 08:08:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/11 08:06:53 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/11 08:06:53 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/11 08:06:53 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/11 08:06:53 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/11 08:06:53 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/11 08:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/11 08:00:48 | 3118,350,336 | -HS- | M] () -- C:\hiberfil.sys [2013/04/26 22:10:18 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/26 22:08:44 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/04/26 21:55:15 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2013/05/11 17:20:14 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable [2013/04/26 22:10:18 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/26 22:08:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/04/26 22:08:44 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/04/13 16:08:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/08/12 11:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/05/25 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FRITZ! [2012/05/25 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Fujitsu Launch Center ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 5/11/2013 5:22:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.65% Memory free
7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230.19 Gb Total Space | 185.67 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 217.90 Gb Total Space | 217.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03647B49-03B5-4497-A591-98A6757C9FF8}" = lport=445 | protocol=6 | dir=in | app=system |
"{170A0703-1F95-4C14-A4B8-3E58DF36377A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D5D1557-6D37-4862-858A-AABD7D244E5A}" = rport=139 | protocol=6 | dir=out | app=system |
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{490C2A2C-6A03-4A52-BF6D-FBDDEC3CCA45}" = lport=139 | protocol=6 | dir=in | app=system |
"{52BCFC5B-335A-4B88-AE06-25E23B523327}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5949A226-C38B-491A-9288-1DBA7F064871}" = rport=137 | protocol=17 | dir=out | app=system |
"{64B69C91-CB50-4397-A773-B444252D4B76}" = rport=445 | protocol=6 | dir=out | app=system |
"{6844CEEB-5AF1-4516-A406-1D25F007E347}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DF092AB-7709-4E34-A3E4-DB7605CD55F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{799575C4-FC61-4CF4-B09E-D2A22824EF0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B2AE9EA-E278-4CFD-B9BA-15CA9CE41B81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93980BB2-80C8-42B3-ACD0-0DB114FDF3AE}" = rport=138 | protocol=17 | dir=out | app=system |
"{A381539A-72DF-4A94-A47D-D44699B2D8DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1189A93-ECF1-43AE-AA61-FA0F2E8BB64B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CBF2420F-4BAF-4165-9417-E303A5903925}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1F9C906-29F4-47B0-9C82-E985EE661C1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F258A6D0-262A-45CA-8240-8D3B8439C51E}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07773604-1471-4024-A051-6D0BC558B38C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{36B8F770-0B8A-41B7-81C9-19B56B08AEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5FB4D5B7-2CEF-4CB7-B0AA-53C1AED78C7B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6DD0D9A9-0650-428B-9E92-08D462268E81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{878D9AA7-C66B-4A0B-9E18-96D44CDA9152}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{92758C8C-BFE0-42CE-943D-D6DFDC7DE75B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C1349FB7-4EA6-4E52-8497-E8BF553D805D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C66F65A1-E382-43EE-A1B3-F12375E69228}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D10DBC60-CB58-4EC3-A342-401D87546B42}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D2E8E590-5879-4AA1-BD4C-5A6233C605B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E15C82AA-C4B4-4DF0-8D3F-F41E30200CA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E8A2F9E5-B2E6-4BE5-A29A-C0E07132966D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F27E9436-08C0-4E46-B44C-D98E3FD1E938}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{E8CA6199-4625-4393-9A12-56910ADAE828}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{0A4AF9C7-6F20-462F-B1D7-EDEC2F757418}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"DeskUpdate_is1" = DeskUpdate 4.12
"FRITZ! 2.0" = AVM FRITZ!
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/3/2013 7:30:41 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0xe34 Startzeit der fehlerhaften Anwendung: 0x01ce47f18f0f5403 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
e212be73-b3e4-11e2-8253-404e57434401
Error - 5/6/2013 2:34:21 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 5/6/2013 2:41:10 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 5/6/2013 7:26:24 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2013 2:42:21 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 5/7/2013 6:08:07 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 5/8/2013 1:46:58 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description =
Error - 5/9/2013 4:08:50 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description =
Error - 5/10/2013 1:58:52 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description =
Error - 5/11/2013 2:02:44 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 2/27/2013 3:08:10 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?02.?2013 um 21:31:54 unerwartet heruntergefahren.
Error - 3/5/2013 2:46:52 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?03.?2013 um 18:17:24 unerwartet heruntergefahren.
Error - 3/6/2013 3:02:30 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2013 um 21:44:05 unerwartet heruntergefahren.
Error - 3/9/2013 4:57:47 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?03.?2013 um 21:35:23 unerwartet heruntergefahren.
Error - 3/13/2013 4:01:12 PM | Computer Name = ELEKTROKFRANZ | Source = DCOM | ID = 10010
Description =
Error - 3/14/2013 4:47:24 AM | Computer Name = ***| Source = Application Popup | ID = 877
Description = Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.
Error - 3/26/2013 12:49:35 PM | Computer Name = ***| Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error - 3/26/2013 12:50:19 PM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?03.?2013 um 17:49:09 unerwartet heruntergefahren.
Error - 3/30/2013 8:06:48 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2013 um 19:21:44 unerwartet heruntergefahren.
Error - 4/2/2013 1:35:25 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?04.?2013 um 19:46:12 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-11 17:37:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP2O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\uxldruob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002bfd000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002bfd042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751c1465 2 bytes [1C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751c14bb 2 bytes [1C, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2800:4420] 000007fef2e59688
---- EOF - GMER 2.1 ----
|
|
11.05.2013, 16:52
| #2 |
| /// Malware-holic   | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hi
__________________poste die Kaspersky Funde, danke.
__________________ |
|
11.05.2013, 16:55
| #3 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hey, hoffe das meinst du:
__________________Code:
ATTFilter Typ: trojanisches Programm (2)
HEUR:Trojan.Script.Generic Unter Quarantäne 10.05.2013 17:13:44
HEUR:Trojan.Script.Generic Inaktiv 10.05.2013 17:01:16
Geändert von 2806 (11.05.2013 um 17:02 Uhr) |
|
11.05.2013, 17:05
| #4 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Gabs keine Pfadangaben (quelle)?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 17:13
| #5 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.GenericCode:
ATTFilter C:\Documents and Settings\All Users\Kaspersky Lab\AVP12\Temp\crypt\01F26B98_67c_Crypt_io_copy.tmp
Code:
ATTFilter hxxp://my.ebay.de/ws/eBayISAPI.dll?
MyEbayBeta&CurrentPage=MyeBayNextSelling&ssPageName=STRK:ME:LNLK:MESEX[28]
das steht unter detallierter Bericht. Leider kann man das dort nicht rauskopieren |
|
11.05.2013, 17:14
| #6 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic ok, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic |
|
11.05.2013, 17:35
| #7 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.GenericCode:
ATTFilter 18:29:16.0468 4192 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:29:16.0793 4192 ============================================================
18:29:16.0793 4192 Current date / time: 2013/05/11 18:29:16.0793
18:29:16.0793 4192 SystemInfo:
18:29:16.0793 4192
18:29:16.0793 4192 OS Version: 6.1.7601 ServicePack: 1.0
18:29:16.0793 4192 Product type: Workstation
18:29:16.0793 4192 ComputerName: ***
18:29:16.0793 4192 UserName: Anwender
18:29:16.0793 4192 Windows directory: C:\Windows
18:29:16.0793 4192 System windows directory: C:\Windows
18:29:16.0793 4192 Running under WOW64
18:29:16.0793 4192 Processor architecture: Intel x64
18:29:16.0793 4192 Number of processors: 2
18:29:16.0793 4192 Page size: 0x1000
18:29:16.0793 4192 Boot type: Normal boot
18:29:16.0793 4192 ============================================================
18:29:18.0305 4192 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:18.0317 4192 ============================================================
18:29:18.0317 4192 \Device\Harddisk0\DR0:
18:29:18.0318 4192 MBR partitions:
18:29:18.0330 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x402000, BlocksNum 0x1CC5F000
18:29:18.0373 4192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D061800, BlocksNum 0x1B3CB800
18:29:18.0474 4192 ============================================================
18:29:18.0528 4192 C: <-> \Device\Harddisk0\DR0\Partition1
18:29:18.0608 4192 D: <-> \Device\Harddisk0\DR0\Partition2
18:29:18.0608 4192 ============================================================
18:29:18.0608 4192 Initialize success
18:29:18.0608 4192 ============================================================
18:30:08.0271 4800 ============================================================
18:30:08.0271 4800 Scan started
18:30:08.0271 4800 Mode: Manual; SigCheck; TDLFS;
18:30:08.0271 4800 ============================================================
18:30:09.0317 4800 ================ Scan system memory ========================
18:30:09.0317 4800 System memory - ok
18:30:09.0317 4800 ================ Scan services =============================
18:30:09.0535 4800 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:30:09.0691 4800 1394ohci - ok
18:30:09.0753 4800 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:30:09.0769 4800 ACPI - ok
18:30:09.0847 4800 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:30:09.0894 4800 AcpiPmi - ok
18:30:09.0956 4800 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:30:09.0972 4800 AdobeARMservice - ok
18:30:10.0065 4800 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:30:10.0065 4800 AdobeFlashPlayerUpdateSvc - ok
18:30:10.0097 4800 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:30:10.0128 4800 adp94xx - ok
18:30:10.0159 4800 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:30:10.0175 4800 adpahci - ok
18:30:10.0190 4800 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:30:10.0221 4800 adpu320 - ok
18:30:10.0237 4800 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:30:10.0346 4800 AeLookupSvc - ok
18:30:10.0393 4800 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:30:10.0440 4800 AFD - ok
18:30:10.0471 4800 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:30:10.0487 4800 agp440 - ok
18:30:10.0502 4800 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:30:10.0533 4800 ALG - ok
18:30:10.0565 4800 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:30:10.0580 4800 aliide - ok
18:30:10.0580 4800 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:30:10.0596 4800 amdide - ok
18:30:10.0627 4800 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:30:10.0658 4800 AmdK8 - ok
18:30:10.0674 4800 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:30:10.0705 4800 AmdPPM - ok
18:30:10.0721 4800 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:30:10.0736 4800 amdsata - ok
18:30:10.0752 4800 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:30:10.0767 4800 amdsbs - ok
18:30:10.0767 4800 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:30:10.0783 4800 amdxata - ok
18:30:10.0799 4800 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:30:10.0908 4800 AppID - ok
18:30:10.0939 4800 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:30:10.0986 4800 AppIDSvc - ok
18:30:11.0001 4800 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:30:11.0064 4800 Appinfo - ok
18:30:11.0095 4800 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:30:11.0126 4800 AppMgmt - ok
18:30:11.0142 4800 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:30:11.0142 4800 arc - ok
18:30:11.0173 4800 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:30:11.0204 4800 arcsas - ok
18:30:11.0282 4800 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:30:11.0313 4800 aspnet_state - ok
18:30:11.0345 4800 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:30:11.0391 4800 AsyncMac - ok
18:30:11.0423 4800 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:30:11.0438 4800 atapi - ok
18:30:11.0469 4800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:30:11.0532 4800 AudioEndpointBuilder - ok
18:30:11.0532 4800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:30:11.0563 4800 AudioSrv - ok
18:30:11.0610 4800 [ 43744F1D3CDE20F3925F10927C9036C2 ] AVMCOWAN C:\Windows\system32\DRIVERS\AVMCOWAN.sys
18:30:11.0641 4800 AVMCOWAN - ok
18:30:11.0703 4800 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
18:30:11.0735 4800 AVP - ok
18:30:11.0766 4800 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:30:11.0797 4800 AxInstSV - ok
18:30:11.0828 4800 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:30:11.0859 4800 b06bdrv - ok
18:30:11.0891 4800 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:30:11.0922 4800 b57nd60a - ok
18:30:11.0953 4800 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:30:12.0000 4800 BDESVC - ok
18:30:12.0015 4800 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:30:12.0047 4800 Beep - ok
18:30:12.0093 4800 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:30:12.0140 4800 BFE - ok
18:30:12.0187 4800 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:30:12.0249 4800 BITS - ok
18:30:12.0265 4800 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:30:12.0296 4800 blbdrive - ok
18:30:12.0327 4800 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:30:12.0359 4800 bowser - ok
18:30:12.0390 4800 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:30:12.0421 4800 BrFiltLo - ok
18:30:12.0437 4800 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:30:12.0452 4800 BrFiltUp - ok
18:30:12.0483 4800 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:30:12.0515 4800 Browser - ok
18:30:12.0530 4800 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:30:12.0561 4800 Brserid - ok
18:30:12.0577 4800 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:30:12.0608 4800 BrSerWdm - ok
18:30:12.0608 4800 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:30:12.0639 4800 BrUsbMdm - ok
18:30:12.0639 4800 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:30:12.0671 4800 BrUsbSer - ok
18:30:12.0702 4800 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:30:12.0717 4800 BTHMODEM - ok
18:30:12.0749 4800 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:30:12.0795 4800 bthserv - ok
18:30:12.0811 4800 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:30:12.0842 4800 cdfs - ok
18:30:12.0873 4800 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:30:12.0889 4800 cdrom - ok
18:30:12.0920 4800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:30:12.0967 4800 CertPropSvc - ok
18:30:12.0998 4800 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:30:13.0014 4800 circlass - ok
18:30:13.0061 4800 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:30:13.0076 4800 CLFS - ok
18:30:13.0123 4800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:13.0139 4800 clr_optimization_v2.0.50727_32 - ok
18:30:13.0170 4800 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:30:13.0185 4800 clr_optimization_v2.0.50727_64 - ok
18:30:13.0248 4800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:30:13.0295 4800 clr_optimization_v4.0.30319_32 - ok
18:30:13.0310 4800 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:30:13.0326 4800 clr_optimization_v4.0.30319_64 - ok
18:30:13.0341 4800 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:30:13.0373 4800 CmBatt - ok
18:30:13.0388 4800 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:30:13.0404 4800 cmdide - ok
18:30:13.0435 4800 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:30:13.0466 4800 CNG - ok
18:30:13.0497 4800 [ D38A290E244FEE0E849C7A97D4D88004 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:30:13.0544 4800 CnxtHdAudService - ok
18:30:13.0575 4800 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:30:13.0575 4800 Compbatt - ok
18:30:13.0607 4800 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:30:13.0653 4800 CompositeBus - ok
18:30:13.0653 4800 COMSysApp - ok
18:30:13.0685 4800 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:30:13.0716 4800 cphs - ok
18:30:13.0731 4800 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:30:13.0747 4800 crcdisk - ok
18:30:13.0778 4800 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:30:13.0809 4800 CryptSvc - ok
18:30:13.0825 4800 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:30:13.0856 4800 CSC - ok
18:30:13.0903 4800 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:30:13.0934 4800 CscService - ok
18:30:13.0965 4800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:30:14.0012 4800 DcomLaunch - ok
18:30:14.0028 4800 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:30:14.0075 4800 defragsvc - ok
18:30:14.0090 4800 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:30:14.0153 4800 DfsC - ok
18:30:14.0184 4800 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:30:14.0231 4800 Dhcp - ok
18:30:14.0246 4800 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:30:14.0277 4800 discache - ok
18:30:14.0309 4800 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:30:14.0324 4800 Disk - ok
18:30:14.0340 4800 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:30:14.0387 4800 dmvsc - ok
18:30:14.0402 4800 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:30:14.0449 4800 Dnscache - ok
18:30:14.0480 4800 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:30:14.0527 4800 dot3svc - ok
18:30:14.0543 4800 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:30:14.0589 4800 DPS - ok
18:30:14.0621 4800 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:30:14.0636 4800 drmkaud - ok
18:30:14.0667 4800 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:30:14.0699 4800 DXGKrnl - ok
18:30:14.0730 4800 [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
18:30:14.0745 4800 e1cexpress - ok
18:30:14.0761 4800 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:30:14.0808 4800 EapHost - ok
18:30:14.0855 4800 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:30:14.0917 4800 ebdrv - ok
18:30:14.0948 4800 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:30:14.0964 4800 EFS - ok
18:30:15.0011 4800 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:30:15.0042 4800 ehRecvr - ok
18:30:15.0057 4800 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:30:15.0089 4800 ehSched - ok
18:30:15.0120 4800 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:30:15.0151 4800 elxstor - ok
18:30:15.0151 4800 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:30:15.0182 4800 ErrDev - ok
18:30:15.0213 4800 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:30:15.0245 4800 EventSystem - ok
18:30:15.0276 4800 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:30:15.0338 4800 exfat - ok
18:30:15.0354 4800 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:30:15.0385 4800 fastfat - ok
18:30:15.0416 4800 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:30:15.0447 4800 Fax - ok
18:30:15.0479 4800 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:30:15.0510 4800 fdc - ok
18:30:15.0541 4800 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:30:15.0572 4800 fdPHost - ok
18:30:15.0588 4800 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:30:15.0619 4800 FDResPub - ok
18:30:15.0650 4800 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:30:15.0666 4800 FileInfo - ok
18:30:15.0666 4800 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:30:15.0728 4800 Filetrace - ok
18:30:15.0744 4800 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:30:15.0759 4800 flpydisk - ok
18:30:15.0775 4800 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:30:15.0791 4800 FltMgr - ok
18:30:15.0822 4800 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:30:15.0853 4800 FontCache - ok
18:30:15.0900 4800 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:30:15.0900 4800 FontCache3.0.0.0 - ok
18:30:15.0947 4800 [ CE7593C10A04D08F9B043890216F5728 ] FPCIBASE C:\Windows\system32\DRIVERS\fpcibase.sys
18:30:15.0993 4800 FPCIBASE - ok
18:30:15.0993 4800 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:30:16.0009 4800 FsDepends - ok
18:30:16.0040 4800 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:30:16.0056 4800 Fs_Rec - ok
18:30:16.0071 4800 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:30:16.0087 4800 fvevol - ok
18:30:16.0134 4800 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:30:16.0149 4800 gagp30kx - ok
18:30:16.0181 4800 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:30:16.0227 4800 gpsvc - ok
18:30:16.0259 4800 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:30:16.0290 4800 hcw85cir - ok
18:30:16.0305 4800 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:16.0337 4800 HdAudAddService - ok
18:30:16.0368 4800 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:30:16.0383 4800 HDAudBus - ok
18:30:16.0399 4800 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:30:16.0415 4800 HidBatt - ok
18:30:16.0430 4800 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:30:16.0461 4800 HidBth - ok
18:30:16.0477 4800 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:30:16.0493 4800 HidIr - ok
18:30:16.0524 4800 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:30:16.0555 4800 hidserv - ok
18:30:16.0586 4800 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:30:16.0602 4800 HidUsb - ok
18:30:16.0617 4800 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:30:16.0680 4800 hkmsvc - ok
18:30:16.0711 4800 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:16.0742 4800 HomeGroupListener - ok
18:30:16.0773 4800 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:16.0789 4800 HomeGroupProvider - ok
18:30:16.0820 4800 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:30:16.0836 4800 HpSAMD - ok
18:30:16.0867 4800 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:30:16.0914 4800 HTTP - ok
18:30:16.0914 4800 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:30:16.0929 4800 hwpolicy - ok
18:30:16.0961 4800 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:30:16.0976 4800 i8042prt - ok
18:30:17.0007 4800 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
18:30:17.0007 4800 iaStor - ok
18:30:17.0039 4800 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:30:17.0054 4800 iaStorV - ok
18:30:17.0085 4800 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:30:17.0117 4800 idsvc - ok
18:30:17.0304 4800 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:30:17.0600 4800 igfx - ok
18:30:17.0631 4800 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:30:17.0647 4800 iirsp - ok
18:30:17.0678 4800 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:30:17.0725 4800 IKEEXT - ok
18:30:17.0741 4800 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
18:30:17.0787 4800 Impcd - ok
18:30:17.0803 4800 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:30:17.0819 4800 intelide - ok
18:30:17.0834 4800 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:30:17.0865 4800 intelppm - ok
18:30:17.0881 4800 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:30:17.0928 4800 IPBusEnum - ok
18:30:17.0943 4800 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:17.0975 4800 IpFilterDriver - ok
18:30:18.0006 4800 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:30:18.0037 4800 iphlpsvc - ok
18:30:18.0053 4800 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:30:18.0084 4800 IPMIDRV - ok
18:30:18.0084 4800 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:30:18.0146 4800 IPNAT - ok
18:30:18.0193 4800 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:30:18.0209 4800 IRENUM - ok
18:30:18.0224 4800 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:30:18.0224 4800 isapnp - ok
18:30:18.0255 4800 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:30:18.0255 4800 iScsiPrt - ok
18:30:18.0271 4800 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:18.0287 4800 kbdclass - ok
18:30:18.0302 4800 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:30:18.0318 4800 kbdhid - ok
18:30:18.0333 4800 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:30:18.0349 4800 KeyIso - ok
18:30:18.0396 4800 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
18:30:18.0411 4800 KL1 - ok
18:30:18.0411 4800 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
18:30:18.0427 4800 kl2 - ok
18:30:18.0474 4800 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
18:30:18.0489 4800 KLIF - ok
18:30:18.0521 4800 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
18:30:18.0536 4800 KLIM6 - ok
18:30:18.0552 4800 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
18:30:18.0552 4800 klmouflt - ok
18:30:18.0567 4800 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:30:18.0583 4800 KSecDD - ok
18:30:18.0599 4800 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:30:18.0614 4800 KSecPkg - ok
18:30:18.0630 4800 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:30:18.0677 4800 ksthunk - ok
18:30:18.0692 4800 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:30:18.0739 4800 KtmRm - ok
18:30:18.0770 4800 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:30:18.0801 4800 LanmanServer - ok
18:30:18.0833 4800 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:30:18.0864 4800 LanmanWorkstation - ok
18:30:18.0895 4800 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:30:18.0926 4800 lltdio - ok
18:30:18.0942 4800 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:30:18.0989 4800 lltdsvc - ok
18:30:19.0004 4800 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:30:19.0035 4800 lmhosts - ok
18:30:19.0113 4800 [ CF8C9F61108B3FA3D99E0A4F4B2C3CB9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:30:19.0113 4800 LMS - ok
18:30:19.0129 4800 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:30:19.0160 4800 LSI_FC - ok
18:30:19.0191 4800 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:30:19.0191 4800 LSI_SAS - ok
18:30:19.0207 4800 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:30:19.0223 4800 LSI_SAS2 - ok
18:30:19.0238 4800 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:30:19.0254 4800 LSI_SCSI - ok
18:30:19.0269 4800 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:30:19.0316 4800 luafv - ok
18:30:19.0316 4800 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:30:19.0332 4800 Mcx2Svc - ok
18:30:19.0347 4800 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:30:19.0363 4800 megasas - ok
18:30:19.0379 4800 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:30:19.0394 4800 MegaSR - ok
18:30:19.0425 4800 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:30:19.0425 4800 MEIx64 - ok
18:30:19.0457 4800 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:30:19.0488 4800 MMCSS - ok
18:30:19.0519 4800 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:30:19.0550 4800 Modem - ok
18:30:19.0566 4800 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:30:19.0581 4800 monitor - ok
18:30:19.0597 4800 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:30:19.0613 4800 mouclass - ok
18:30:19.0644 4800 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:30:19.0659 4800 mouhid - ok
18:30:19.0691 4800 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:30:19.0691 4800 mountmgr - ok
18:30:19.0737 4800 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:30:19.0737 4800 MozillaMaintenance - ok
18:30:19.0753 4800 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:30:19.0769 4800 mpio - ok
18:30:19.0784 4800 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:30:19.0815 4800 mpsdrv - ok
18:30:19.0847 4800 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:30:19.0878 4800 MpsSvc - ok
18:30:19.0893 4800 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:30:19.0925 4800 MRxDAV - ok
18:30:19.0956 4800 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:20.0003 4800 mrxsmb - ok
18:30:20.0018 4800 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:20.0049 4800 mrxsmb10 - ok
18:30:20.0081 4800 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:20.0112 4800 mrxsmb20 - ok
18:30:20.0127 4800 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:30:20.0143 4800 msahci - ok
18:30:20.0143 4800 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:30:20.0159 4800 msdsm - ok
18:30:20.0174 4800 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:30:20.0205 4800 MSDTC - ok
18:30:20.0237 4800 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:30:20.0268 4800 Msfs - ok
18:30:20.0299 4800 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:30:20.0346 4800 mshidkmdf - ok
18:30:20.0346 4800 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:30:20.0361 4800 msisadrv - ok
18:30:20.0377 4800 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:30:20.0408 4800 MSiSCSI - ok
18:30:20.0408 4800 msiserver - ok
18:30:20.0439 4800 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:30:20.0471 4800 MSKSSRV - ok
18:30:20.0486 4800 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:20.0517 4800 MSPCLOCK - ok
18:30:20.0533 4800 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:30:20.0564 4800 MSPQM - ok
18:30:20.0580 4800 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:30:20.0595 4800 MsRPC - ok
18:30:20.0611 4800 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:20.0611 4800 mssmbios - ok
18:30:20.0642 4800 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:30:20.0673 4800 MSTEE - ok
18:30:20.0689 4800 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:30:20.0720 4800 MTConfig - ok
18:30:20.0720 4800 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:30:20.0736 4800 Mup - ok
18:30:20.0767 4800 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:30:20.0798 4800 napagent - ok
18:30:20.0845 4800 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:30:20.0861 4800 NativeWifiP - ok
18:30:20.0907 4800 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:30:20.0923 4800 NDIS - ok
18:30:20.0939 4800 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:30:21.0001 4800 NdisCap - ok
18:30:21.0017 4800 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:21.0032 4800 NdisTapi - ok
18:30:21.0048 4800 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:21.0095 4800 Ndisuio - ok
18:30:21.0095 4800 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:21.0141 4800 NdisWan - ok
18:30:21.0157 4800 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:30:21.0188 4800 NDProxy - ok
18:30:21.0219 4800 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:30:21.0266 4800 NetBIOS - ok
18:30:21.0282 4800 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:30:21.0313 4800 NetBT - ok
18:30:21.0329 4800 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:30:21.0329 4800 Netlogon - ok
18:30:21.0360 4800 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:30:21.0407 4800 Netman - ok
18:30:21.0438 4800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0453 4800 NetMsmqActivator - ok
18:30:21.0453 4800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0469 4800 NetPipeActivator - ok
18:30:21.0500 4800 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:30:21.0531 4800 netprofm - ok
18:30:21.0531 4800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0531 4800 NetTcpActivator - ok
18:30:21.0547 4800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0547 4800 NetTcpPortSharing - ok
18:30:21.0578 4800 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:30:21.0578 4800 nfrd960 - ok
18:30:21.0609 4800 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:30:21.0625 4800 NlaSvc - ok
18:30:21.0641 4800 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:30:21.0672 4800 Npfs - ok
18:30:21.0703 4800 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:30:21.0734 4800 nsi - ok
18:30:21.0750 4800 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:30:21.0781 4800 nsiproxy - ok
18:30:21.0828 4800 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:30:21.0859 4800 Ntfs - ok
18:30:21.0875 4800 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:30:21.0921 4800 Null - ok
18:30:21.0953 4800 [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
18:30:21.0968 4800 nusb3hub - ok
18:30:21.0984 4800 [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:30:22.0015 4800 nusb3xhc - ok
18:30:22.0062 4800 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:30:22.0077 4800 nvraid - ok
18:30:22.0077 4800 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:30:22.0093 4800 nvstor - ok
18:30:22.0109 4800 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:30:22.0140 4800 nv_agp - ok
18:30:22.0155 4800 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:30:22.0171 4800 ohci1394 - ok
18:30:22.0218 4800 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:22.0233 4800 ose - ok
18:30:22.0327 4800 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:22.0421 4800 osppsvc - ok
18:30:22.0452 4800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:30:22.0499 4800 p2pimsvc - ok
18:30:22.0514 4800 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:30:22.0545 4800 p2psvc - ok
18:30:22.0561 4800 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:30:22.0577 4800 Parport - ok
18:30:22.0608 4800 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:30:22.0623 4800 partmgr - ok
18:30:22.0639 4800 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:30:22.0670 4800 PcaSvc - ok
18:30:22.0686 4800 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:30:22.0701 4800 pci - ok
18:30:22.0717 4800 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:30:22.0717 4800 pciide - ok
18:30:22.0733 4800 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:30:22.0748 4800 pcmcia - ok
18:30:22.0764 4800 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:30:22.0779 4800 pcw - ok
18:30:22.0795 4800 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:30:22.0842 4800 PEAUTH - ok
18:30:22.0889 4800 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:30:22.0935 4800 PeerDistSvc - ok
18:30:22.0982 4800 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:30:23.0013 4800 PerfHost - ok
18:30:23.0060 4800 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:30:23.0107 4800 pla - ok
18:30:23.0154 4800 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:30:23.0185 4800 PlugPlay - ok
18:30:23.0201 4800 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:30:23.0216 4800 PNRPAutoReg - ok
18:30:23.0232 4800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:30:23.0247 4800 PNRPsvc - ok
18:30:23.0279 4800 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:30:23.0325 4800 PolicyAgent - ok
18:30:23.0357 4800 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:30:23.0388 4800 Power - ok
18:30:23.0419 4800 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:30:23.0450 4800 PptpMiniport - ok
18:30:23.0466 4800 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:30:23.0481 4800 Processor - ok
18:30:23.0497 4800 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:30:23.0528 4800 ProfSvc - ok
18:30:23.0544 4800 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:30:23.0544 4800 ProtectedStorage - ok
18:30:23.0575 4800 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:30:23.0622 4800 Psched - ok
18:30:23.0653 4800 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:30:23.0684 4800 ql2300 - ok
18:30:23.0715 4800 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:30:23.0731 4800 ql40xx - ok
18:30:23.0747 4800 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:30:23.0762 4800 QWAVE - ok
18:30:23.0778 4800 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:30:23.0809 4800 QWAVEdrv - ok
18:30:23.0809 4800 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:30:23.0840 4800 RasAcd - ok
18:30:23.0856 4800 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:30:23.0887 4800 RasAgileVpn - ok
18:30:23.0903 4800 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:30:23.0949 4800 RasAuto - ok
18:30:23.0981 4800 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:24.0012 4800 Rasl2tp - ok
18:30:24.0043 4800 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:30:24.0074 4800 RasMan - ok
18:30:24.0090 4800 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:24.0137 4800 RasPppoe - ok
18:30:24.0152 4800 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:30:24.0183 4800 RasSstp - ok
18:30:24.0199 4800 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:30:24.0246 4800 rdbss - ok
18:30:24.0261 4800 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:30:24.0277 4800 rdpbus - ok
18:30:24.0308 4800 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:24.0355 4800 RDPCDD - ok
18:30:24.0355 4800 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:30:24.0386 4800 RDPDR - ok
18:30:24.0417 4800 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:30:24.0449 4800 RDPENCDD - ok
18:30:24.0495 4800 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:30:24.0558 4800 RDPREFMP - ok
18:30:24.0573 4800 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:30:24.0589 4800 RDPWD - ok
18:30:24.0605 4800 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:30:24.0620 4800 rdyboost - ok
18:30:24.0651 4800 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:30:24.0683 4800 RemoteAccess - ok
18:30:24.0714 4800 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:30:24.0745 4800 RemoteRegistry - ok
18:30:24.0792 4800 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
18:30:24.0823 4800 ROOTMODEM - ok
18:30:24.0839 4800 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:30:24.0870 4800 RpcEptMapper - ok
18:30:24.0901 4800 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:30:24.0917 4800 RpcLocator - ok
18:30:24.0948 4800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:30:24.0979 4800 RpcSs - ok
18:30:24.0979 4800 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:30:25.0026 4800 rspndr - ok
18:30:25.0041 4800 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:30:25.0057 4800 s3cap - ok
18:30:25.0057 4800 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:30:25.0073 4800 SamSs - ok
18:30:25.0073 4800 SAService - ok
18:30:25.0104 4800 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:30:25.0119 4800 sbp2port - ok
18:30:25.0135 4800 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:30:25.0182 4800 SCardSvr - ok
18:30:25.0197 4800 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:30:25.0229 4800 scfilter - ok
18:30:25.0244 4800 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:30:25.0307 4800 Schedule - ok
18:30:25.0322 4800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:30:25.0353 4800 SCPolicySvc - ok
18:30:25.0385 4800 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:30:25.0416 4800 SDRSVC - ok
18:30:25.0447 4800 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:30:25.0478 4800 secdrv - ok
18:30:25.0494 4800 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:30:25.0525 4800 seclogon - ok
18:30:25.0541 4800 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:30:25.0587 4800 SENS - ok
18:30:25.0603 4800 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:30:25.0634 4800 SensrSvc - ok
18:30:25.0665 4800 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:30:25.0681 4800 Serenum - ok
18:30:25.0697 4800 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:30:25.0728 4800 Serial - ok
18:30:25.0743 4800 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:30:25.0759 4800 sermouse - ok
18:30:25.0775 4800 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:30:25.0806 4800 SessionEnv - ok
18:30:25.0821 4800 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:30:25.0837 4800 sffdisk - ok
18:30:25.0853 4800 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:30:25.0884 4800 sffp_mmc - ok
18:30:25.0884 4800 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:30:25.0899 4800 sffp_sd - ok
18:30:25.0931 4800 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:30:25.0946 4800 sfloppy - ok
18:30:25.0962 4800 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:30:26.0009 4800 SharedAccess - ok
18:30:26.0024 4800 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:30:26.0071 4800 ShellHWDetection - ok
18:30:26.0087 4800 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:30:26.0102 4800 SiSRaid2 - ok
18:30:26.0118 4800 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:30:26.0133 4800 SiSRaid4 - ok
18:30:26.0165 4800 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:30:26.0196 4800 Smb - ok
18:30:26.0243 4800 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:30:26.0258 4800 SNMPTRAP - ok
18:30:26.0258 4800 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:30:26.0274 4800 spldr - ok
18:30:26.0289 4800 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:30:26.0336 4800 Spooler - ok
18:30:26.0383 4800 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:30:26.0461 4800 sppsvc - ok
18:30:26.0477 4800 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:30:26.0523 4800 sppuinotify - ok
18:30:26.0555 4800 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:30:26.0586 4800 srv - ok
18:30:26.0601 4800 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:30:26.0617 4800 srv2 - ok
18:30:26.0633 4800 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:30:26.0664 4800 srvnet - ok
18:30:26.0695 4800 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:30:26.0742 4800 SSDPSRV - ok
18:30:26.0757 4800 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:30:26.0789 4800 SstpSvc - ok
18:30:26.0789 4800 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:30:26.0804 4800 stexstor - ok
18:30:26.0835 4800 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:30:26.0867 4800 stisvc - ok
18:30:26.0898 4800 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:30:26.0898 4800 storflt - ok
18:30:26.0929 4800 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:30:26.0960 4800 StorSvc - ok
18:30:26.0976 4800 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:30:26.0976 4800 storvsc - ok
18:30:26.0991 4800 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:30:27.0007 4800 swenum - ok
18:30:27.0007 4800 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:30:27.0054 4800 swprv - ok
18:30:27.0101 4800 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:30:27.0147 4800 SysMain - ok
18:30:27.0163 4800 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:30:27.0194 4800 TabletInputService - ok
18:30:27.0210 4800 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:30:27.0257 4800 TapiSrv - ok
18:30:27.0272 4800 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:30:27.0303 4800 TBS - ok
18:30:27.0335 4800 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:30:27.0381 4800 Tcpip - ok
18:30:27.0413 4800 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:30:27.0444 4800 TCPIP6 - ok
18:30:27.0459 4800 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:30:27.0475 4800 tcpipreg - ok
18:30:27.0491 4800 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:30:27.0522 4800 TDPIPE - ok
18:30:27.0553 4800 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:30:27.0569 4800 TDTCP - ok
18:30:27.0584 4800 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:30:27.0615 4800 tdx - ok
18:30:27.0693 4800 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:30:27.0740 4800 TeamViewer7 - ok
18:30:27.0756 4800 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:30:27.0771 4800 TermDD - ok
18:30:27.0787 4800 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:30:27.0834 4800 TermService - ok
18:30:27.0849 4800 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:30:27.0865 4800 Themes - ok
18:30:27.0881 4800 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:30:27.0912 4800 THREADORDER - ok
18:30:27.0927 4800 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
18:30:27.0959 4800 TPM - ok
18:30:27.0974 4800 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:30:28.0005 4800 TrkWks - ok
18:30:28.0052 4800 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:30:28.0083 4800 TrustedInstaller - ok
18:30:28.0099 4800 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:28.0146 4800 tssecsrv - ok
18:30:28.0161 4800 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:30:28.0177 4800 TsUsbFlt - ok
18:30:28.0208 4800 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:30:28.0208 4800 TsUsbGD - ok
18:30:28.0224 4800 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:30:28.0271 4800 tunnel - ok
18:30:28.0271 4800 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:30:28.0286 4800 uagp35 - ok
18:30:28.0302 4800 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:30:28.0349 4800 udfs - ok
18:30:28.0380 4800 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:30:28.0380 4800 UI0Detect - ok
18:30:28.0411 4800 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:30:28.0411 4800 uliagpkx - ok
18:30:28.0427 4800 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:30:28.0442 4800 umbus - ok
18:30:28.0458 4800 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:30:28.0489 4800 UmPass - ok
18:30:28.0505 4800 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:30:28.0536 4800 UmRdpService - ok
18:30:28.0614 4800 [ B5160F84057BD9A2CB0B857E1E1648BA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:30:28.0661 4800 UNS - ok
18:30:28.0692 4800 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:30:28.0723 4800 upnphost - ok
18:30:28.0770 4800 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:28.0801 4800 usbccgp - ok
18:30:28.0817 4800 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:30:28.0848 4800 usbcir - ok
18:30:28.0863 4800 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:30:28.0895 4800 usbehci - ok
18:30:28.0926 4800 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:30:28.0941 4800 usbhub - ok
18:30:28.0957 4800 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:30:28.0973 4800 usbohci - ok
18:30:29.0004 4800 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:30:29.0019 4800 usbprint - ok
18:30:29.0066 4800 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:30:29.0082 4800 usbscan - ok
18:30:29.0097 4800 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:29.0144 4800 USBSTOR - ok
18:30:29.0160 4800 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:30:29.0191 4800 usbuhci - ok
18:30:29.0207 4800 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:30:29.0253 4800 UxSms - ok
18:30:29.0253 4800 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:30:29.0269 4800 VaultSvc - ok
18:30:29.0269 4800 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:30:29.0285 4800 vdrvroot - ok
18:30:29.0300 4800 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:30:29.0347 4800 vds - ok
18:30:29.0363 4800 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:29.0378 4800 vga - ok
18:30:29.0394 4800 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:30:29.0425 4800 VgaSave - ok
18:30:29.0441 4800 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:30:29.0456 4800 vhdmp - ok
18:30:29.0472 4800 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:30:29.0487 4800 viaide - ok
18:30:29.0503 4800 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:30:29.0519 4800 vmbus - ok
18:30:29.0519 4800 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:30:29.0550 4800 VMBusHID - ok
18:30:29.0565 4800 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:30:29.0565 4800 volmgr - ok
18:30:29.0597 4800 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:30:29.0612 4800 volmgrx - ok
18:30:29.0628 4800 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:30:29.0643 4800 volsnap - ok
18:30:29.0675 4800 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:30:29.0690 4800 vsmraid - ok
18:30:29.0721 4800 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:30:29.0784 4800 VSS - ok
18:30:29.0799 4800 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:30:29.0815 4800 vwifibus - ok
18:30:29.0846 4800 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:30:29.0893 4800 W32Time - ok
18:30:29.0924 4800 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:30:29.0940 4800 WacomPen - ok
18:30:29.0971 4800 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:30:29.0987 4800 WANARP - ok
18:30:30.0002 4800 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:30:30.0018 4800 Wanarpv6 - ok
18:30:30.0065 4800 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:30:30.0111 4800 wbengine - ok
18:30:30.0127 4800 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:30:30.0143 4800 WbioSrvc - ok
18:30:30.0174 4800 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:30:30.0205 4800 wcncsvc - ok
18:30:30.0221 4800 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:30:30.0267 4800 WcsPlugInService - ok
18:30:30.0283 4800 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:30:30.0299 4800 Wd - ok
18:30:30.0330 4800 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:30:30.0345 4800 Wdf01000 - ok
18:30:30.0361 4800 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:30:30.0408 4800 WdiServiceHost - ok
18:30:30.0408 4800 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:30:30.0423 4800 WdiSystemHost - ok
18:30:30.0439 4800 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:30:30.0455 4800 WebClient - ok
18:30:30.0470 4800 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:30:30.0517 4800 Wecsvc - ok
18:30:30.0533 4800 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:30:30.0579 4800 wercplsupport - ok
18:30:30.0595 4800 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:30:30.0642 4800 WerSvc - ok
18:30:30.0657 4800 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:30.0689 4800 WfpLwf - ok
18:30:30.0689 4800 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:30:30.0704 4800 WIMMount - ok
18:30:30.0720 4800 WinDefend - ok
18:30:30.0720 4800 WinHttpAutoProxySvc - ok
18:30:30.0751 4800 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:30:30.0798 4800 Winmgmt - ok
18:30:30.0845 4800 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:30:30.0891 4800 WinRM - ok
18:30:30.0923 4800 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:30:30.0954 4800 Wlansvc - ok
18:30:30.0985 4800 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:30:30.0985 4800 wlcrasvc - ok
18:30:31.0032 4800 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:31.0079 4800 wlidsvc - ok
18:30:31.0094 4800 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:30:31.0110 4800 WmiAcpi - ok
18:30:31.0125 4800 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:30:31.0141 4800 wmiApSrv - ok
18:30:31.0157 4800 WMPNetworkSvc - ok
18:30:31.0188 4800 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:30:31.0203 4800 WPCSvc - ok
18:30:31.0219 4800 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:30:31.0235 4800 WPDBusEnum - ok
18:30:31.0250 4800 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:30:31.0297 4800 ws2ifsl - ok
18:30:31.0328 4800 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:30:31.0344 4800 wscsvc - ok
18:30:31.0344 4800 WSearch - ok
18:30:31.0391 4800 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:30:31.0437 4800 wuauserv - ok
18:30:31.0453 4800 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:30:31.0484 4800 WudfPf - ok
18:30:31.0500 4800 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:31.0515 4800 WUDFRd - ok
18:30:31.0547 4800 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:30:31.0562 4800 wudfsvc - ok
18:30:31.0578 4800 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:30:31.0609 4800 WwanSvc - ok
18:30:31.0625 4800 ================ Scan global ===============================
18:30:31.0640 4800 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:30:31.0656 4800 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:30:31.0671 4800 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:30:31.0687 4800 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:30:31.0703 4800 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:30:31.0703 4800 [Global] - ok
18:30:31.0703 4800 ================ Scan MBR ==================================
18:30:31.0718 4800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:32.0061 4800 \Device\Harddisk0\DR0 - ok
18:30:32.0061 4800 ================ Scan VBR ==================================
18:30:32.0108 4800 [ 38E2F6FC6F2119B55FE9C998CCF64D9E ] \Device\Harddisk0\DR0\Partition1
18:30:32.0108 4800 \Device\Harddisk0\DR0\Partition1 - ok
18:30:32.0124 4800 [ EA0681BD8C8BEC059C8A80F8DE6D3CDC ] \Device\Harddisk0\DR0\Partition2
18:30:32.0124 4800 \Device\Harddisk0\DR0\Partition2 - ok
18:30:32.0124 4800 ============================================================
18:30:32.0124 4800 Scan finished
18:30:32.0124 4800 ============================================================
18:30:32.0139 4792 Detected object count: 0
18:30:32.0139 4792 Actual detected object count: 0
|
|
11.05.2013, 17:40
| #8 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 17:55
| #9 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic bitteschön: Code:
ATTFilter ComboFix 13-05-11.01 - Anwender 11.05.2013 18:46:27.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3965.2800 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0AD9850D-BF56-443A-A6AF-4E512099020F}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FB160B0-A2C4-41DA-A8FB-6A21A5D16704}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B1E1C3B5-0EB2-4D67-96E3-E1D2D737FADD}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7407590-F17D-4DCE-B7F3-62FF1241FAB6}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7487CB5-CF6A-4D40-BDD1-FFBCF66D1DD6}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF175A4B-33F3-4A14-9DEB-53A517170FC7}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD4021BE-DE89-4E6F-8015-E0C581088000}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDD2A295-CD57-4E79-BBF0-2345AABB7185}.xps
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-11 bis 2013-05-11 ))))))))))))))))))))))))))))))
.
.
2013-05-10 06:01 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E6A9B0-DE69-4032-AE08-EC437A83C60E}\mpengine.dll
2013-04-26 20:08 . 2013-04-26 20:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-26 19:55 . 2013-04-10 06:57 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-04-26 19:55 . 2013-04-10 06:57 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-04-26 19:55 . 2013-04-10 06:57 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-04-26 19:55 . 2013-04-10 06:57 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-26 19:55 . 2013-04-10 06:56 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-04-26 19:48 . 2013-04-26 19:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-26 19:48 . 2013-04-26 19:47 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 19:48 . 2013-04-26 19:47 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-26 19:48 . 2013-04-26 19:47 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 19:47 . 2013-04-26 19:47 -------- d-----w- c:\program files (x86)\Java
2013-04-24 08:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 08:07 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 20:02 . 2012-05-25 14:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-26 20:02 . 2012-05-25 14:15 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 22:48 . 2012-05-25 11:36 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-10 15:15 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:15 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:15 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:15 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:15 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:15 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 15:15 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-10 22:47 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 22:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 22:47 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 22:47 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 22:47 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 22:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 22:47 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 22:47 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 22:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 22:47 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 22:47 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 22:47 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 22:47 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 22:47 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 22:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 22:47 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 22:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 22:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 22:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 22:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 22:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 22:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 15:16 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 15:16 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 15:16 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 15:16 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 15:16 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 15:16 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45 . 2013-03-13 10:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:12 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 06:40 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-05-22 160872]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\program files (x86)\FRITZ!\IWatch.exe [2012-5-25 341304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2012-5-25 375296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-04-13 158976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-17 2656280]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-06-10 79872]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-06-10 899328]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93321780
*Deregistered* - 93321780
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-09-06 563328]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1647616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BrowserChoice"="browserchoice.exe" [2010-02-23 294912]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ts.fujitsu.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-11 18:51:56
ComboFix-quarantined-files.txt 2013-05-11 16:51
.
Vor Suchlauf: 8 Verzeichnis(se), 200.671.211.520 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 201.170.522.112 Bytes frei
.
- - End Of File - - 44BDB0326A7D5896F448534DF41BA830
|
|
11.05.2013, 18:19
| #10 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 19:05
| #11 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.GenericCode:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.11.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Anwender :: *** [Administrator] 11.05.2013 19:23:25 mbam-log-2013-05-11 (19-23-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 382078 Laufzeit: 28 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) lg |
|
11.05.2013, 19:22
| #12 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 19:39
| #13 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic hoffentlich ist es verständlich: Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.03.2013 6,00MB 11.6.602.180 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 26.04.2013 6,00MB 11.7.700.169 unbekannt Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 26.04.2013 133MB 11.0.02 notwendig AVM FRITZ! AVM Berlin 01.06.2012 notwendig Canon CanoScan Toolbox 5.0 29.06.2012 notwendig Canon iP4700 series Printer Driver 25.05.2012 notwendig CanoScan 4400F 14.09.2012 notwendig CCleaner Piriform 23.04.2013 4.01 Conexant HD Audio Conexant 25.05.2012 8.32.35.0 unbekannt DeskUpdate 4.12 Fujitsu Technology Solutions 25.05.2012 3,27MB 4.12.0088 unbekannt Intel(R) Management Engine Components Intel Corporation 25.05.2012 7.0.0.1144 unbekannt Java 7 Update 21 Oracle 26.04.2013 129MB 7.0.210 unbekannt Kaspersky Internet Security 2012 Kaspersky Lab 25.05.2012 12.0.0.374 notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 11.05.2013 19,2MB 1.75.0.1300 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.04.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 15.04.2011 51,9MB 4.0.30319 unbekannt Microsoft Office Home and Business 2010 Microsoft Corporation 25.05.2012 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.05.2012 1,69MB 3.1.0000 unbekannt Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Corporation 25.05.2012 959KB 2.0.1578.0 unbekannt Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Corporation 25.05.2012 2,27MB 2.0.1578.0 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.05.2012 300KB 8.0.56336 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 28.05.2012 838KB 8.0.61000 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 25.05.2012 784KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 25.05.2012 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.05.2012 592KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.05.2012 600KB 9.0.30729.6161 unbekannt Mozilla Firefox 20.0.1 (x86 de) Mozilla 26.04.2013 44,7MB 20.0.1 notwendig Mozilla Maintenance Service Mozilla 26.04.2013 330KB 20.0.1 unbekannt NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 25.05.2012 1,02MB 1.0.20.0 unbekannt PDF24 Creator 4.6.0 PDF24.org 25.05.2012 33,8MB notwendig SyncToy 2.1 (x86) Microsoft 25.05.2012 1,43MB 2.1.0 notwendig TeamViewer 7 TeamViewer 25.05.2012 7.0.12979 notwendig VLC media player 2.0.6 VideoLAN 26.04.2013 2.0.6 notwendig Windows Live Essentials Microsoft Corporation 25.05.2012 15.4.3508.1109 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 25.05.2012 5,57MB 15.4.5722.2 unbekannt |
|
11.05.2013, 19:46
| #14 |
| /// Malware-holic | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Java klicke: Download der Java-Software für Windows Offline laden, und instalieren kaspersky: Kaspersky Lab: Virenschutz für Heimanwender und Unternehmen Neuste Version laden, Upgrades sind kostenlos. TeamViewer : würde ich nur bei Bedarf instalieren, ansonsten, bitte Version 8 instalieren. deinstaliere: Windows Live , alle für dich unnötigen Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 20:20
| #15 |
| | Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic so habe alles ausgeführt, hier kommt der log: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 11/05/2013 um 21:14:56 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Anwender - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [619 octets] - [11/05/2013 21:14:56]
########## EOF - \AdwCleaner[S1].txt - [678 octets] ##########
|
|
| Themen zu Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic |
| autorun, bho, canon, error, failed, firefox, flash player, helper, heur, heur:trojan.script.generic, home, install.exe, kaspersky, launch, logfile, mozilla, object, plug-in, popup, programm, registry, rundll, scan, security, software, tastatur, trojan.script.generic, trojaner, usb, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
