Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ihave.net Umleitungs-Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.03.2013, 19:36   #1
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

ich habe leider ein Problem mit der Umleitung bei Googlesuchergebnissen.
nach Recherche habe ich festgestellt, dass mein Problem Ihavenet.com lautet.
Auf diese Seite u.a. werde ich bei den Google-Suchergebnissen umgeleitet.
Die üblichen Sachen wie Antivirenscanner, Malewarebytes, Kaspersky-Rettungs-CD habe ich bereits versucht und hatte leider nicht den gewünschten Erfolg.

Es wäre toll wenn sich hier jemand bereit erklären könnte mir zu helfen dies loszuwerden.
Ich danke schon mal im vorraus und tolles Forum hier.

Anbei die Log's.

Danke


OTL:

Code:
ATTFilter
OTL logfile created on: 05.03.2013 18:25:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBSRV12\RedirectedFolders\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,92% Memory free
7,50 Gb Paging File | 6,06 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 87,84 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 338,81 Gb Total Space | 338,71 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.05 09:11:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- \\SBSRV12\RedirectedFolders\*****\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.21 20:37:46 | 002,155,520 | ---- | M] (Remote Monitoring) -- C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe
PRC - [2012.07.16 15:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010.03.09 07:53:05 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 15:39:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 11:55:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.21 20:37:46 | 002,155,520 | ---- | M] (Remote Monitoring) [Auto | Running] -- C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe -- (Advanced Monitoring Agent)
SRV - [2012.07.16 15:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.16 18:18:32 | 001,017,360 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Security Agent\TmListen.exe -- (TmListen)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.26 10:05:42 | 000,176,128 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.23 14:34:44 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011.06.23 14:34:34 | 000,069,904 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011.06.23 14:34:24 | 000,146,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.15 18:05:02 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.11.15 18:05:00 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.09.30 20:59:06 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.05.17 16:11:20 | 000,015,408 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2c64.sys -- (BS_I2cIo)
DRV:64bit: - [2010.03.09 07:54:37 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.03.09 07:53:10 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.09 07:53:09 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.23 10:20:24 | 000,314,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 14:10:47 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.10 14:10:47 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{A8FF29BF-49D1-4496-B3CB-2DF7E46297DE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=386B5E3C-CAF5-4E23-B709-13F77BFB9A5D&apn_sauid=37FE6968-46D8-4148-994A-F5686C10A5F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.08.17 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 11:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 11:55:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.16 17:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.19 17:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qimwsdn4.default\extensions
[2012.11.26 11:50:52 | 000,002,308 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\qimwsdn4.default\searchplugins\askcom.xml
[2013.02.20 11:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 11:54:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.02.20 11:54:54 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.20 11:55:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.22 09:26:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 07:39:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.22 09:26:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.22 09:26:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.22 09:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.22 09:26:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [SpeechExec Startup] C:\Program Files (x86)\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe (Philips Austria GmbH - Speech Processing)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [oism] C:\Users\****\AppData\Roaming\MSCOMCT2Q.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tp-partner.com ([remote] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.30.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tremko.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F414E391-451A-4677-8957-FF81F0BB1DC6}: DhcpNameServer = 10.10.30.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.05 09:17:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- \\SBSRV12\RedirectedFolders\*****\Desktop\OTL.exe
[2013.03.05 09:17:40 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- \\SBSRV12\RedirectedFolders\*****\Desktop\tdsskiller.exe
[2013.02.20 11:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.20 09:42:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.02.19 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.02.19 18:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.19 18:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.19 18:46:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.19 18:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.19 18:45:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.05 18:20:45 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.03.05 17:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 17:32:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.05 15:16:56 | 000,047,634 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.05 13:07:21 | 001,618,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 13:07:21 | 000,698,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 13:07:21 | 000,653,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 13:07:21 | 000,148,950 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 13:07:21 | 000,121,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.05 09:16:21 | 000,377,856 | ---- | M] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\gmer_2.1.19115.exe
[2013.03.05 09:15:43 | 000,050,477 | ---- | M] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\Defogger.exe
[2013.03.05 09:11:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- \\SBSRV12\RedirectedFolders\*****\Desktop\OTL.exe
[2013.03.05 09:03:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- \\SBSRV12\RedirectedFolders\*****\Desktop\tdsskiller.exe
[2013.03.05 08:49:20 | 000,007,632 | ---- | M] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\bookmarks-2013-03-05.json
[2013.03.05 08:22:46 | 000,022,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 08:22:46 | 000,022,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 08:16:50 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.05 08:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 08:15:26 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 18:46:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.19 17:28:33 | 001,595,406 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.18 13:24:35 | 000,094,208 | RHS- | M] () -- C:\Users\****\AppData\Roaming\MSCOMCT2Q.dll
[2013.02.14 08:30:01 | 000,429,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.05 18:20:45 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.03.05 09:17:47 | 000,377,856 | ---- | C] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\gmer_2.1.19115.exe
[2013.03.05 09:17:45 | 000,050,477 | ---- | C] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\Defogger.exe
[2013.03.05 08:49:20 | 000,007,632 | ---- | C] () -- \\SBSRV12\RedirectedFolders\*****\Desktop\bookmarks-2013-03-05.json
[2013.02.19 18:46:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.18 13:24:35 | 000,094,208 | RHS- | C] () -- C:\Users\****\AppData\Roaming\MSCOMCT2Q.dll
[2012.08.16 15:48:30 | 000,000,848 | RHS- | C] () -- C:\Users\****\ntuser.pol
[2012.08.16 14:53:30 | 000,047,634 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.04.30 09:01:15 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.25 17:58:21 | 001,595,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.28 16:53:58 | 000,000,222 | ---- | C] () -- C:\Windows\Support.ini
[2011.04.11 14:18:10 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.11 08:41:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.29 08:46:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\de.ramicro.flex.germanlaws
[2012.08.16 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Philips Speech
[2012.08.16 15:49:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Small Business Server
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt :

Code:
ATTFilter
OTL Extras logfile created on: 05.03.2013 18:25:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBSRV12\RedirectedFolders\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,92% Memory free
7,50 Gb Paging File | 6,06 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 87,84 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 338,81 Gb Total Space | 338,71 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AC7061-BD46-4797-8426-25FB9DD63211}" = lport=29478 | protocol=6 | dir=in | name=trend micro worry-free business security agent listener | 
"{0486B84B-CCCD-42E0-AC36-56F3C61921B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1987DA7F-124A-4F64-A7ED-06AFD8FE9A39}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E700F59-F940-4A5B-A626-1DF2AFCC85DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{2E9144B8-9097-4A46-AB53-871AC7E57F45}" = rport=138 | protocol=17 | dir=out | app=system | 
"{338E8BB2-A15D-47B0-BF89-5DFEE7FFC75E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4A3C014D-7352-48A9-9813-0D41A9F17170}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7C1B9F0F-4CF0-4D31-ACAD-5E4E79F4BCE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D3869BA-8021-4EAB-84E5-BF8D52352037}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83C18BFE-0B24-4BB4-B78C-961370B63AC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B543EE7F-284C-4D05-BBA0-E59E613D9761}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C08D51FA-B07D-4050-894A-C4D7872C84DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D509614C-9F3D-4633-9B27-AB61327A38C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E15B46CA-3E01-46BB-876B-3297B66062C6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E2C31F6D-B883-4887-94E3-7E9F2F95AAA3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC01A631-B3F5-4A0C-AD7A-8C73DE59ACA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109F8F78-F608-4DE4-9D5B-E38F2DBE8C3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2BE3EC3F-2EF7-4A1D-B291-4DFFD3EFFAF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31228139-6065-4216-8AE6-FEEE02D9A95C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3329058B-0D4F-44DC-A1F1-EA11B3FA2013}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{37D20118-A7AC-42C8-88B0-B65CE7C8316E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3A78109B-4B83-4D46-B602-E6A7B81FD284}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5FC0CEF1-C009-424D-BAA1-CD5FB85C6C6D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{96C2B7D8-2604-4762-8ECD-8121D2FF6BC3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A5A2564F-040E-48FB-8AB9-849A889A5765}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{AE80077F-3CDC-412F-9678-6451A355CC8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E1870189-84FD-47FD-8EF4-A24B67643B5C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E617365E-548C-422E-8FC7-5E4FD15515B8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}" = Windows Small Business Server 2011 Standard ClientAgent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{CD886EE3-07DE-76F1-79DA-0D2C31551559}" = ccc-utility64
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SecCommerce SecSigner" = SecCommerce SecSigner 3.6
"Wofie" = Trend Micro Worry-Free Business Security Agent
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01201D0C-0AD2-471D-8CB6-E1574A5A0D8D}" = TextControl 14.0 SP4
"{021BC94E-D464-4B9D-96F1-C6566B476A71}" = DDBAC
"{0879415B-4038-A4ED-276C-80E2C24502E8}" = CCC Help Polish
"{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22674A89-CE4D-428D-BA79-4446933FBAF0}" = RA-MICRO Systemdateien
"{22B6DCC1-704A-4763-A475-A13EB499D08E}" = Advanced Monitoring Agent GP
"{23114BAB-A7F2-160F-4CF8-20F5917C5063}" = CCC Help Dutch
"{2592ACCF-8D9B-4CF8-B791-16A94A8A75B8}" = RA-MICRO Infragistics 10.3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D290157-1B44-1620-073B-F91546386AEF}" = CCC Help German
"{349B4707-5F45-49EB-9A9D-8F89C94355F2}" = Microsoft Sync Framework 2.1 Provider Services (x86) DEU 
"{4599E55A-9861-AA8D-AD77-A62649FB1B88}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{599556F6-88AA-D1B4-BBEE-E6DBEB69E958}" = CCC Help Thai
"{61E455F8-99A8-D65F-B6E3-06B998B7F26F}" = CCC Help Greek
"{6758053B-9A6D-4C1C-AB7B-C881342C4145}" = MailStore Outlook Add-in 7.0.7.7671
"{67E6A5BC-CA30-46DE-2A8E-C17BD52D3A60}" = Catalyst Control Center Graphics Full Existing
"{69C2B39D-F060-49AD-8877-01C4144A8424}" = Microsoft Surface 2.0 Runtime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7121136B-462F-46F7-8FC0-6A35E8DC2D5B}" = DDBAC
"{772E433B-907F-D183-9521-4FB6C6126E24}" = CCC Help Danish
"{788755AD-6DD7-4736-9CA9-24B05D87845C}" = Microsoft Surface Toolkit Runtime for Windows Touch Beta
"{796DDBD5-999C-EE26-EB08-AD16FF82B620}" = CCC Help Italian
"{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy
"{7C3D2C23-FF8C-DF11-1110-220FD024E94B}" = CCC Help Spanish
"{80DB9145-FFA6-A9EA-0684-6F09BCEE5324}" = CCC Help Swedish
"{8303FC1B-3B58-19D3-DBCD-DF63144463DB}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{885624C0-B9C5-469D-95D6-0DBC8D75AC92}" = DDBAC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B37A414-1480-607C-8A06-3C6DAC20CA87}" = Catalyst Control Center Graphics Light
"{8EC37670-CFF6-851D-F6F4-D730E2DCF827}" = CCC Help Norwegian
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{94FF7296-8022-FFB5-2B31-3B72524DDF2A}" = Catalyst Control Center Graphics Previews Vista
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5B8E0-1935-0CE0-08B3-7128820A7B08}" = CCC Help Portuguese
"{AA35FD9B-BD64-2229-371C-5217D43F3829}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AFF3DA5E-9426-57DA-3B59-9E67A426214B}" = CCC Help Turkish
"{B31F6A27-F7B6-EA98-2168-B256A929F49B}" = Catalyst Control Center Localization All
"{B82285B9-60A7-85E6-2AFF-F7CC65530EA1}" = CCC Help Russian
"{BAC15A55-B97D-AD8C-54AF-5E6B681BC839}" = CCC Help Chinese Standard
"{BF73A77C-55FD-4F59-928C-DBFDEC52E623}" = Catalyst Control Center Core Implementation
"{C5177FC1-B7C4-41DE-129F-54B273EBCD09}" = Catalyst Control Center Graphics Previews Common
"{C7C05C54-21D1-4DA7-9473-C47CB13D6A40}" = CCC Help Czech
"{C9F3DB27-447C-8569-9E5A-F2DB69C5BE4D}" = ccc-core-static
"{CC9DCD22-4CB5-4A99-B58A-B36CAC75B340}" = SpeechExec Pro Dictate
"{D0F06337-3406-4162-9990-7853DCE4F345}" = Microsoft Sync Framework 2.1 Core Components (x86) DEU 
"{D584C0DD-5994-8AC4-FC21-ED1E5F3B3B95}" = CCC Help English
"{DB3C5DC4-A7A0-4890-B31C-3220B43B25EC}" = Advanced Monitoring Agent GP
"{DD794783-8313-CEFC-0A34-B9F596B09F76}" = CCC Help French
"{DE726A89-0BF3-433D-B975-4201BF2E8156}" = RA-MICRO Leadtools
"{DFC3AA0C-E8F1-2DCB-4EA2-073E20131FC5}" = CCC Help Korean
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}" = Microsoft Sync Framework 2.0 Core Components (x86) DEU 
"{E90A1941-4989-4172-AB5C-DBCB02202A84}" = Microsoft Sync Framework 2.0 Provider Services (x86) DEU 
"{EC15998D-5C48-43D9-B5A6-43085531B31C}" = RA-MICRO Elster
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A8377A-3062-43B8-94F4-4E30EA43A9E9}" = Windows Small Business Server 2011 Standard WMI Provider
"{FA2AD46D-06FB-8883-6CE5-349EC371D173}" = CCC Help Finnish
"{FB3E4248-8793-6A02-7862-4D56FABC814B}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Monitoring Agent GP" = Advanced Monitoring Agent GP
"Frutiger CI Fonts" = Frutiger CI Fonts Installer
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.STANDARD" = Microsoft Office Standard 2010
"ra-micro Deinstallation" = RA-MICRO Deinstallation
"TeamViewer 7 Host" = TeamViewer 7 Host
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2013 03:15:02 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 20.02.2013 03:15:02 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 20.02.2013 03:15:02 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 20.02.2013 03:15:02 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 20.02.2013 03:15:03 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 20.02.2013 03:15:03 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 20.02.2013 03:15:03 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 20.02.2013 03:15:03 | Computer Name = WKS10.tremko.local | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 20.02.2013 06:05:53 | Computer Name = WKS10.tremko.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 03:27:24 | Computer Name = WKS10.tremko.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 13:28:49 | Computer Name = WKS10.tremko.local | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.03.2013 08:03:39 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 05.03.2013 11:00:58 | Computer Name = WKS10.tremko.local | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.03.2013 11:00:58 | Computer Name = WKS10.tremko.local | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.03.2013 11:01:43 | Computer Name = WKS10.tremko.local | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.03.2013 11:01:43 | Computer Name = WKS10.tremko.local | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 05.03.2013 11:16:36 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
Error - 05.03.2013 11:16:36 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
Error - 05.03.2013 11:16:37 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
Error - 05.03.2013 11:16:37 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
Error - 05.03.2013 11:16:38 | Computer Name = WKS10.tremko.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
 
< End of report >
         

Gmer.txt:


Code:
ATTFilter
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-05 19:13:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAJS-00A8B2 rev.01.03B01 465,76GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\***T~1.TRE\AppData\Local\Temp\fxldqpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076f61465 2 bytes [F6, 76]
.text   C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076f614bb 2 bytes [F6, 76]
.text   ...                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\rundll32.exe [3364:3468]                                                                                     000000000024f430
Thread  C:\Windows\SysWOW64\rundll32.exe [3364:3472]                                                                                     0000000000263a80
Thread  C:\Windows\SysWOW64\rundll32.exe [3364:3656]                                                                                     0000000000263a10
Thread  C:\Windows\SysWOW64\rundll32.exe [3364:2720]                                                                                     00000000008080a3
Thread  C:\Windows\SysWOW64\rundll32.exe [3364:2384]                                                                                     0000000000805235
Thread  C:\Windows\SysWOW64\rundll32.exe [3364:2728]                                                                                     0000000000805755

---- EOF - GMER 2.1 ----
         

Alt 05.03.2013, 19:53   #2
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
[2013.02.18 13:24:35 | 000,094,208 | RHS- | M] () -- C:\Users\****\AppData\Roaming\MSCOMCT2Q.dll
O4 - HKCU..\Run: [oism] C:\Users\****\AppData\Roaming\MSCOMCT2Q.dll ()
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________

__________________

Alt 06.03.2013, 08:44   #3
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

zuerst mal danke, dass du dich meines Problems annimmst.

Das fixen mit OTL.exe hat wohl geklappt, aber das Programm estellt weder eine Textdatei auf dem Desktop noch das Verzeichnis C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt.

Nach dem Fix-Vorgang zeigt er an "Fehler beim Erstellen des Logfiles" und verlangt dann einen Neustart. Direkt nach dem Neustart erscheint eine Sicherheitswarnung, dass OTL.exe ausgeführt werden soll. Nach dem Bestätigen der Sicherheitswarnung kommt erneut von
OTL die Nachricht "Fehler beim Erstellen des Logfiles". Dann öffnet sich der Editor ohne Inhalt.

Hierbei erscheint dann die Fehlermeldung

"Die Syntax für den Dateinamen, Verzeichnisnamen oder Datenträgerbezeichnung ist falsch"

Ich hab es bereits mit ausgeschalteter Antivirensoftware, ausgeschalteter Benutzerkontensteuerung versucht und OTL immer als Administrator ausgeführt.
Leider klappt es nicht. Eine Idee?
__________________

Alt 06.03.2013, 17:37   #4
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



dann mach mal den Rest
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.03.2013, 18:36   #5
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

ok. Ich dache, ohne die OTL Datei würde es keinen Sinn machen.

Hier die getinfo summary-info.txt:

Code:
ATTFilter
System volume information:	 dwHighDateTime = 0x1cbf847,dwLowDateTime = 0xc0d6fc58
System32:			 dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0xe2d0e11d
         


Alt 06.03.2013, 18:37   #6
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



hi upload fehlt noch und die Frage beantworten
da sehe ich dann, ob der Fix gelaufen is
__________________
--> Ihave.net Umleitungs-Virus

Alt 06.03.2013, 18:44   #7
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

den Upload kann ich leider nicht durchführen, da das verzeichnis

C:\_OTL\Movedfiles.zip

nicht existiert. Es gibt leider keinen _OTL Ordner.

Das hatt ich mit meinem früheren Post gemeint.


P.S. Bezüglich der Frage ist die PN unterwegs

Alt 06.03.2013, 19:06   #8
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hi,
dann mal erst mal folgenes:
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.03.2013, 10:02   #9
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

hier ist die TDSS Log:

Code:
ATTFilter
09:54:22.0238 4880  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:54:22.0488 4880  ============================================================
09:54:22.0488 4880  Current date / time: 2013/03/07 09:54:22.0488
09:54:22.0488 4880  SystemInfo:
09:54:22.0488 4880  
09:54:22.0488 4880  OS Version: 6.1.7601 ServicePack: 1.0
09:54:22.0488 4880  Product type: Workstation
09:54:22.0488 4880  ComputerName: WKS10
09:54:22.0488 4880  UserName: ***
09:54:22.0488 4880  Windows directory: C:\Windows
09:54:22.0488 4880  System windows directory: C:\Windows
09:54:22.0488 4880  Running under WOW64
09:54:22.0488 4880  Processor architecture: Intel x64
09:54:22.0488 4880  Number of processors: 3
09:54:22.0488 4880  Page size: 0x1000
09:54:22.0488 4880  Boot type: Normal boot
09:54:22.0488 4880  ============================================================
09:54:23.0330 4880  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:54:23.0377 4880  ============================================================
09:54:23.0377 4880  \Device\Harddisk0\DR0:
09:54:23.0392 4880  MBR partitions:
09:54:23.0392 4880  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:54:23.0392 4880  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xFDB5800
09:54:23.0392 4880  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFDE8000, BlocksNum 0x2A59D800
09:54:23.0392 4880  ============================================================
09:54:23.0408 4880  C: <-> \Device\Harddisk0\DR0\Partition2
09:54:23.0424 4880  D: <-> \Device\Harddisk0\DR0\Partition3
09:54:23.0424 4880  ============================================================
09:54:23.0424 4880  Initialize success
09:54:23.0424 4880  ============================================================
09:55:38.0352 2224  ============================================================
09:55:38.0352 2224  Scan started
09:55:38.0352 2224  Mode: Manual; SigCheck; TDLFS; 
09:55:38.0352 2224  ============================================================
09:55:38.0726 2224  ================ Scan system memory ========================
09:55:38.0726 2224  System memory - ok
09:55:38.0726 2224  ================ Scan services =============================
09:55:38.0851 2224  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:55:38.0945 2224  1394ohci - ok
09:55:38.0960 2224  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:55:38.0976 2224  ACPI - ok
09:55:38.0992 2224  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:55:39.0007 2224  AcpiPmi - ok
09:55:39.0101 2224  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:55:39.0132 2224  AdobeARMservice - ok
09:55:39.0226 2224  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:55:39.0241 2224  AdobeFlashPlayerUpdateSvc - ok
09:55:39.0288 2224  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:55:39.0335 2224  adp94xx - ok
09:55:39.0350 2224  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:55:39.0366 2224  adpahci - ok
09:55:39.0382 2224  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:55:39.0397 2224  adpu320 - ok
09:55:39.0506 2224  [ 9341A520CE5BCD5BE7E55E5D318D93A7 ] Advanced Monitoring Agent C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe
09:55:39.0553 2224  Advanced Monitoring Agent ( UnsignedFile.Multi.Generic ) - warning
09:55:39.0553 2224  Advanced Monitoring Agent - detected UnsignedFile.Multi.Generic (1)
09:55:39.0584 2224  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:55:39.0616 2224  AeLookupSvc - ok
09:55:39.0647 2224  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
09:55:39.0678 2224  AFD - ok
09:55:39.0694 2224  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:55:39.0709 2224  agp440 - ok
09:55:39.0725 2224  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
09:55:39.0740 2224  ALG - ok
09:55:39.0756 2224  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:55:39.0756 2224  aliide - ok
09:55:39.0787 2224  [ E0FD88EAD5D8B1FAE64A500D1D825C6D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:55:39.0803 2224  AMD External Events Utility - ok
09:55:39.0818 2224  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:55:39.0834 2224  amdide - ok
09:55:39.0850 2224  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:55:39.0865 2224  AmdK8 - ok
09:55:40.0006 2224  [ 9337B5FABC03CA44CD355F700DA9B25B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
09:55:40.0177 2224  amdkmdag - ok
09:55:40.0193 2224  [ 560688A447E7A87F43774A2FF23A3E52 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:55:40.0208 2224  amdkmdap - ok
09:55:40.0224 2224  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:55:40.0240 2224  AmdPPM - ok
09:55:40.0271 2224  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:55:40.0302 2224  amdsata - ok
09:55:40.0333 2224  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:55:40.0349 2224  amdsbs - ok
09:55:40.0364 2224  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:55:40.0380 2224  amdxata - ok
09:55:40.0442 2224  [ 24C5AAB82E681147E8F3D33FD416DAC8 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
09:55:40.0505 2224  Amsp - ok
09:55:40.0536 2224  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
09:55:40.0567 2224  AppID - ok
09:55:40.0583 2224  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:55:40.0614 2224  AppIDSvc - ok
09:55:40.0630 2224  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
09:55:40.0661 2224  Appinfo - ok
09:55:40.0692 2224  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:55:40.0723 2224  AppMgmt - ok
09:55:40.0739 2224  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
09:55:40.0754 2224  arc - ok
09:55:40.0770 2224  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:55:40.0786 2224  arcsas - ok
09:55:40.0801 2224  [ E3B9C89D2ED4A538AB2FC6EC76FA2B17 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
09:55:40.0832 2224  asmthub3 - ok
09:55:40.0832 2224  [ 88CE83BE5176020BE39194A6369AF2C2 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
09:55:40.0864 2224  asmtxhci - ok
09:55:40.0926 2224  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:55:40.0957 2224  aspnet_state - ok
09:55:40.0988 2224  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:55:41.0035 2224  AsyncMac - ok
09:55:41.0035 2224  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:55:41.0051 2224  atapi - ok
09:55:41.0066 2224  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
09:55:41.0082 2224  AtiPcie - ok
09:55:41.0113 2224  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:55:41.0207 2224  AudioEndpointBuilder - ok
09:55:41.0222 2224  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:55:41.0254 2224  AudioSrv - ok
09:55:41.0269 2224  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:55:41.0300 2224  AxInstSV - ok
09:55:41.0332 2224  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:55:41.0363 2224  b06bdrv - ok
09:55:41.0394 2224  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:55:41.0410 2224  b57nd60a - ok
09:55:41.0441 2224  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:55:41.0472 2224  BDESVC - ok
09:55:41.0472 2224  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:55:41.0503 2224  Beep - ok
09:55:41.0534 2224  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
09:55:41.0581 2224  BFE - ok
09:55:41.0612 2224  [ 00CADB1BC2D0030F0B2A1063618B6BD7 ] BIOS            C:\Windows\system32\drivers\BIOS64.sys
09:55:41.0628 2224  BIOS - ok
09:55:41.0659 2224  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
09:55:41.0722 2224  BITS - ok
09:55:41.0737 2224  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:55:41.0768 2224  blbdrive - ok
09:55:41.0784 2224  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:55:41.0800 2224  bowser - ok
09:55:41.0831 2224  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:55:41.0846 2224  BrFiltLo - ok
09:55:41.0846 2224  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:55:41.0878 2224  BrFiltUp - ok
09:55:41.0909 2224  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
09:55:41.0956 2224  Browser - ok
09:55:41.0971 2224  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:55:42.0018 2224  Brserid - ok
09:55:42.0034 2224  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:55:42.0049 2224  BrSerWdm - ok
09:55:42.0065 2224  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:55:42.0080 2224  BrUsbMdm - ok
09:55:42.0080 2224  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:55:42.0096 2224  BrUsbSer - ok
09:55:42.0127 2224  [ 83601BBE5563D92C1FDB4E960D84DC77 ] BS_I2cIo        C:\Windows\system32\drivers\BS_I2c64.sys
09:55:42.0127 2224  BS_I2cIo - ok
09:55:42.0143 2224  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:55:42.0158 2224  BTHMODEM - ok
09:55:42.0190 2224  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
09:55:42.0221 2224  bthserv - ok
09:55:42.0236 2224  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:55:42.0268 2224  cdfs - ok
09:55:42.0283 2224  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:55:42.0299 2224  cdrom - ok
09:55:42.0314 2224  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:55:42.0346 2224  CertPropSvc - ok
09:55:42.0361 2224  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
09:55:42.0377 2224  circlass - ok
09:55:42.0408 2224  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
09:55:42.0424 2224  CLFS - ok
09:55:42.0470 2224  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:55:42.0502 2224  clr_optimization_v2.0.50727_32 - ok
09:55:42.0533 2224  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:55:42.0548 2224  clr_optimization_v2.0.50727_64 - ok
09:55:42.0595 2224  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:55:42.0626 2224  clr_optimization_v4.0.30319_32 - ok
09:55:42.0626 2224  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:55:42.0642 2224  clr_optimization_v4.0.30319_64 - ok
09:55:42.0658 2224  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:55:42.0673 2224  CmBatt - ok
09:55:42.0689 2224  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:55:42.0704 2224  cmdide - ok
09:55:42.0736 2224  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
09:55:42.0767 2224  CNG - ok
09:55:42.0782 2224  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:55:42.0782 2224  Compbatt - ok
09:55:42.0814 2224  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:55:42.0829 2224  CompositeBus - ok
09:55:42.0845 2224  COMSysApp - ok
09:55:42.0845 2224  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:55:42.0860 2224  crcdisk - ok
09:55:42.0876 2224  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:55:42.0907 2224  CryptSvc - ok
09:55:42.0938 2224  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
09:55:43.0001 2224  CSC - ok
09:55:43.0016 2224  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
09:55:43.0063 2224  CscService - ok
09:55:43.0094 2224  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:55:43.0172 2224  DcomLaunch - ok
09:55:43.0204 2224  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
09:55:43.0235 2224  defragsvc - ok
09:55:43.0250 2224  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:55:43.0282 2224  DfsC - ok
09:55:43.0313 2224  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:55:43.0344 2224  Dhcp - ok
09:55:43.0360 2224  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
09:55:43.0391 2224  discache - ok
09:55:43.0422 2224  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
09:55:43.0422 2224  Disk - ok
09:55:43.0453 2224  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
09:55:43.0500 2224  dmvsc - ok
09:55:43.0531 2224  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:55:43.0594 2224  Dnscache - ok
09:55:43.0609 2224  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:55:43.0672 2224  dot3svc - ok
09:55:43.0672 2224  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:55:43.0703 2224  DPS - ok
09:55:43.0734 2224  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:55:43.0750 2224  drmkaud - ok
09:55:43.0781 2224  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:55:43.0812 2224  DXGKrnl - ok
09:55:43.0812 2224  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:55:43.0843 2224  EapHost - ok
09:55:43.0921 2224  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:55:44.0046 2224  ebdrv - ok
09:55:44.0077 2224  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:55:44.0124 2224  EFS - ok
09:55:44.0155 2224  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:55:44.0202 2224  ehRecvr - ok
09:55:44.0218 2224  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:55:44.0233 2224  ehSched - ok
09:55:44.0249 2224  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:55:44.0280 2224  elxstor - ok
09:55:44.0296 2224  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:55:44.0311 2224  ErrDev - ok
09:55:44.0358 2224  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:55:44.0389 2224  EventSystem - ok
09:55:44.0405 2224  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:55:44.0452 2224  exfat - ok
09:55:44.0467 2224  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:55:44.0498 2224  fastfat - ok
09:55:44.0530 2224  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:55:44.0592 2224  Fax - ok
09:55:44.0608 2224  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
09:55:44.0639 2224  fdc - ok
09:55:44.0639 2224  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:55:44.0686 2224  fdPHost - ok
09:55:44.0701 2224  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:55:44.0732 2224  FDResPub - ok
09:55:44.0748 2224  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:55:44.0764 2224  FileInfo - ok
09:55:44.0764 2224  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:55:44.0795 2224  Filetrace - ok
09:55:44.0810 2224  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:55:44.0826 2224  flpydisk - ok
09:55:44.0826 2224  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:55:44.0842 2224  FltMgr - ok
09:55:44.0888 2224  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
09:55:44.0966 2224  FontCache - ok
09:55:45.0013 2224  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:55:45.0029 2224  FontCache3.0.0.0 - ok
09:55:45.0029 2224  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:55:45.0044 2224  FsDepends - ok
09:55:45.0076 2224  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:55:45.0091 2224  Fs_Rec - ok
09:55:45.0107 2224  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:55:45.0138 2224  fvevol - ok
09:55:45.0154 2224  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:55:45.0154 2224  gagp30kx - ok
09:55:45.0200 2224  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:55:45.0294 2224  gpsvc - ok
09:55:45.0341 2224  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:55:45.0372 2224  gupdate - ok
09:55:45.0388 2224  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:55:45.0403 2224  gupdatem - ok
09:55:45.0419 2224  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:55:45.0434 2224  hcw85cir - ok
09:55:45.0466 2224  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:55:45.0497 2224  HdAudAddService - ok
09:55:45.0512 2224  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:55:45.0544 2224  HDAudBus - ok
09:55:45.0544 2224  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:55:45.0559 2224  HidBatt - ok
09:55:45.0575 2224  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:55:45.0590 2224  HidBth - ok
09:55:45.0606 2224  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:55:45.0622 2224  HidIr - ok
09:55:45.0653 2224  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
09:55:45.0684 2224  hidserv - ok
09:55:45.0700 2224  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:55:45.0715 2224  HidUsb - ok
09:55:45.0715 2224  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:55:45.0746 2224  hkmsvc - ok
09:55:45.0762 2224  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:55:45.0793 2224  HomeGroupListener - ok
09:55:45.0824 2224  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:55:45.0856 2224  HomeGroupProvider - ok
09:55:45.0871 2224  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:55:45.0887 2224  HpSAMD - ok
09:55:45.0918 2224  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:55:46.0012 2224  HTTP - ok
09:55:46.0027 2224  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:55:46.0027 2224  hwpolicy - ok
09:55:46.0058 2224  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:55:46.0074 2224  i8042prt - ok
09:55:46.0105 2224  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:55:46.0121 2224  iaStorV - ok
09:55:46.0152 2224  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:55:46.0230 2224  idsvc - ok
09:55:46.0230 2224  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:55:46.0246 2224  iirsp - ok
09:55:46.0277 2224  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:55:46.0355 2224  IKEEXT - ok
09:55:46.0433 2224  [ C03463214D23B46B991F582821C8DF69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:55:46.0511 2224  IntcAzAudAddService - ok
09:55:46.0511 2224  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:55:46.0526 2224  intelide - ok
09:55:46.0542 2224  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
09:55:46.0558 2224  intelppm - ok
09:55:46.0589 2224  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:55:46.0620 2224  IPBusEnum - ok
09:55:46.0620 2224  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:55:46.0651 2224  IpFilterDriver - ok
09:55:46.0682 2224  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:55:46.0714 2224  iphlpsvc - ok
09:55:46.0729 2224  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:55:46.0745 2224  IPMIDRV - ok
09:55:46.0760 2224  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:55:46.0792 2224  IPNAT - ok
09:55:46.0807 2224  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:55:46.0823 2224  IRENUM - ok
09:55:46.0838 2224  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:55:46.0854 2224  isapnp - ok
09:55:46.0870 2224  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:55:46.0885 2224  iScsiPrt - ok
09:55:46.0901 2224  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:55:46.0901 2224  kbdclass - ok
09:55:46.0916 2224  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:55:46.0932 2224  kbdhid - ok
09:55:46.0948 2224  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:55:46.0963 2224  KeyIso - ok
09:55:46.0979 2224  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:55:47.0010 2224  KSecDD - ok
09:55:47.0026 2224  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:55:47.0041 2224  KSecPkg - ok
09:55:47.0057 2224  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:55:47.0088 2224  ksthunk - ok
09:55:47.0104 2224  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:55:47.0150 2224  KtmRm - ok
09:55:47.0166 2224  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:55:47.0197 2224  LanmanServer - ok
09:55:47.0213 2224  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:55:47.0244 2224  LanmanWorkstation - ok
09:55:47.0275 2224  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:55:47.0306 2224  lltdio - ok
09:55:47.0322 2224  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:55:47.0353 2224  lltdsvc - ok
09:55:47.0369 2224  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:55:47.0416 2224  lmhosts - ok
09:55:47.0431 2224  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:55:47.0447 2224  LSI_FC - ok
09:55:47.0462 2224  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:55:47.0462 2224  LSI_SAS - ok
09:55:47.0478 2224  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:55:47.0478 2224  LSI_SAS2 - ok
09:55:47.0494 2224  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:55:47.0509 2224  LSI_SCSI - ok
09:55:47.0525 2224  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:55:47.0556 2224  luafv - ok
09:55:47.0587 2224  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:55:47.0587 2224  MBAMProtector - ok
09:55:47.0650 2224  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:55:47.0681 2224  MBAMScheduler - ok
09:55:47.0712 2224  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:55:47.0743 2224  MBAMService - ok
09:55:47.0759 2224  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:55:47.0774 2224  Mcx2Svc - ok
09:55:47.0790 2224  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:55:47.0806 2224  megasas - ok
09:55:47.0821 2224  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:55:47.0837 2224  MegaSR - ok
09:55:47.0884 2224  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:55:47.0915 2224  MMCSS - ok
09:55:47.0915 2224  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:55:47.0946 2224  Modem - ok
09:55:47.0977 2224  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:55:47.0993 2224  monitor - ok
09:55:48.0008 2224  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:55:48.0024 2224  mouclass - ok
09:55:48.0040 2224  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:55:48.0055 2224  mouhid - ok
09:55:48.0071 2224  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:55:48.0071 2224  mountmgr - ok
09:55:48.0133 2224  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:55:48.0180 2224  MozillaMaintenance - ok
09:55:48.0211 2224  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:55:48.0242 2224  mpio - ok
09:55:48.0258 2224  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:55:48.0305 2224  mpsdrv - ok
09:55:48.0336 2224  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:55:48.0414 2224  MpsSvc - ok
09:55:48.0414 2224  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:55:48.0445 2224  MRxDAV - ok
09:55:48.0461 2224  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:55:48.0477 2224  mrxsmb - ok
09:55:48.0508 2224  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:55:48.0523 2224  mrxsmb10 - ok
09:55:48.0539 2224  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:55:48.0555 2224  mrxsmb20 - ok
09:55:48.0570 2224  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:55:48.0586 2224  msahci - ok
09:55:48.0601 2224  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:55:48.0617 2224  msdsm - ok
09:55:48.0648 2224  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:55:48.0664 2224  MSDTC - ok
09:55:48.0695 2224  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:55:48.0726 2224  Msfs - ok
09:55:48.0726 2224  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:55:48.0757 2224  mshidkmdf - ok
09:55:48.0773 2224  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:55:48.0789 2224  msisadrv - ok
09:55:48.0804 2224  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:55:48.0835 2224  MSiSCSI - ok
09:55:48.0851 2224  msiserver - ok
09:55:48.0867 2224  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:55:48.0898 2224  MSKSSRV - ok
09:55:48.0913 2224  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:55:48.0945 2224  MSPCLOCK - ok
09:55:48.0945 2224  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:55:48.0976 2224  MSPQM - ok
09:55:48.0991 2224  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:55:49.0007 2224  MsRPC - ok
09:55:49.0023 2224  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:55:49.0038 2224  mssmbios - ok
09:55:49.0054 2224  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:55:49.0085 2224  MSTEE - ok
09:55:49.0085 2224  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:55:49.0101 2224  MTConfig - ok
09:55:49.0116 2224  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:55:49.0147 2224  Mup - ok
09:55:49.0163 2224  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:55:49.0210 2224  napagent - ok
09:55:49.0241 2224  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:55:49.0257 2224  NativeWifiP - ok
09:55:49.0288 2224  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:55:49.0319 2224  NDIS - ok
09:55:49.0335 2224  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:55:49.0366 2224  NdisCap - ok
09:55:49.0381 2224  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:55:49.0397 2224  NdisTapi - ok
09:55:49.0413 2224  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:55:49.0444 2224  Ndisuio - ok
09:55:49.0475 2224  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:55:49.0506 2224  NdisWan - ok
09:55:49.0522 2224  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:55:49.0553 2224  NDProxy - ok
09:55:49.0569 2224  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:55:49.0600 2224  NetBIOS - ok
09:55:49.0615 2224  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:55:49.0647 2224  NetBT - ok
09:55:49.0678 2224  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:55:49.0693 2224  Netlogon - ok
09:55:49.0725 2224  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:55:49.0756 2224  Netman - ok
09:55:49.0787 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:55:49.0787 2224  NetMsmqActivator - ok
09:55:49.0803 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:55:49.0803 2224  NetPipeActivator - ok
09:55:49.0818 2224  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:55:49.0849 2224  netprofm - ok
09:55:49.0865 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:55:49.0865 2224  NetTcpActivator - ok
09:55:49.0881 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:55:49.0881 2224  NetTcpPortSharing - ok
09:55:49.0896 2224  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:55:49.0912 2224  nfrd960 - ok
09:55:49.0927 2224  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:55:49.0959 2224  NlaSvc - ok
09:55:49.0974 2224  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:55:50.0005 2224  Npfs - ok
09:55:50.0021 2224  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:55:50.0052 2224  nsi - ok
09:55:50.0068 2224  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:55:50.0099 2224  nsiproxy - ok
09:55:50.0146 2224  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:55:50.0193 2224  Ntfs - ok
09:55:50.0193 2224  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:55:50.0224 2224  Null - ok
09:55:50.0255 2224  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:55:50.0255 2224  nvraid - ok
09:55:50.0271 2224  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:55:50.0286 2224  nvstor - ok
09:55:50.0317 2224  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:55:50.0317 2224  nv_agp - ok
09:55:50.0333 2224  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:55:50.0349 2224  ohci1394 - ok
09:55:50.0395 2224  [ 45121447E0728A949329C1C1907BDCC2 ] Olympus DVR Service C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
09:55:50.0411 2224  Olympus DVR Service ( UnsignedFile.Multi.Generic ) - warning
09:55:50.0411 2224  Olympus DVR Service - detected UnsignedFile.Multi.Generic (1)
09:55:50.0458 2224  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:55:50.0489 2224  ose - ok
09:55:50.0598 2224  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:55:50.0661 2224  osppsvc - ok
09:55:50.0692 2224  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:55:50.0723 2224  p2pimsvc - ok
09:55:50.0739 2224  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:55:50.0754 2224  p2psvc - ok
09:55:50.0785 2224  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
09:55:50.0801 2224  Parport - ok
09:55:50.0817 2224  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:55:50.0832 2224  partmgr - ok
09:55:50.0848 2224  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:55:50.0863 2224  PcaSvc - ok
09:55:50.0879 2224  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:55:50.0895 2224  pci - ok
09:55:50.0910 2224  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:55:50.0910 2224  pciide - ok
09:55:50.0926 2224  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:55:50.0941 2224  pcmcia - ok
09:55:50.0941 2224  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:55:50.0957 2224  pcw - ok
09:55:50.0973 2224  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:55:51.0019 2224  PEAUTH - ok
09:55:51.0066 2224  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:55:51.0113 2224  PeerDistSvc - ok
09:55:51.0175 2224  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:55:51.0191 2224  PerfHost - ok
09:55:51.0238 2224  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:55:51.0285 2224  pla - ok
09:55:51.0331 2224  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:55:51.0394 2224  PlugPlay - ok
09:55:51.0409 2224  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:55:51.0441 2224  PNRPAutoReg - ok
09:55:51.0456 2224  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:55:51.0472 2224  PNRPsvc - ok
09:55:51.0487 2224  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:55:51.0534 2224  PolicyAgent - ok
09:55:51.0565 2224  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:55:51.0597 2224  Power - ok
09:55:51.0612 2224  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:55:51.0643 2224  PptpMiniport - ok
09:55:51.0659 2224  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
09:55:51.0675 2224  Processor - ok
09:55:51.0690 2224  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:55:51.0721 2224  ProfSvc - ok
09:55:51.0737 2224  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:55:51.0753 2224  ProtectedStorage - ok
09:55:51.0768 2224  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:55:51.0799 2224  Psched - ok
09:55:51.0846 2224  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:55:51.0893 2224  ql2300 - ok
09:55:51.0893 2224  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:55:51.0909 2224  ql40xx - ok
09:55:51.0924 2224  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:55:51.0955 2224  QWAVE - ok
09:55:51.0955 2224  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:55:51.0987 2224  QWAVEdrv - ok
09:55:52.0002 2224  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:55:52.0033 2224  RasAcd - ok
09:55:52.0049 2224  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:55:52.0080 2224  RasAgileVpn - ok
09:55:52.0096 2224  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:55:52.0127 2224  RasAuto - ok
09:55:52.0143 2224  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:55:52.0174 2224  Rasl2tp - ok
09:55:52.0205 2224  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:55:52.0236 2224  RasMan - ok
09:55:52.0252 2224  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:55:52.0283 2224  RasPppoe - ok
09:55:52.0283 2224  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:55:52.0314 2224  RasSstp - ok
09:55:52.0345 2224  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:55:52.0377 2224  rdbss - ok
09:55:52.0392 2224  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:55:52.0408 2224  rdpbus - ok
09:55:52.0423 2224  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:55:52.0455 2224  RDPCDD - ok
09:55:52.0470 2224  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:55:52.0486 2224  RDPDR - ok
09:55:52.0486 2224  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:55:52.0517 2224  RDPENCDD - ok
09:55:52.0533 2224  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:55:52.0564 2224  RDPREFMP - ok
09:55:52.0579 2224  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:55:52.0595 2224  RDPWD - ok
09:55:52.0626 2224  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:55:52.0642 2224  rdyboost - ok
09:55:52.0657 2224  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:55:52.0689 2224  RemoteAccess - ok
09:55:52.0704 2224  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:55:52.0735 2224  RemoteRegistry - ok
09:55:52.0751 2224  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:55:52.0782 2224  RpcEptMapper - ok
09:55:52.0813 2224  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:55:52.0829 2224  RpcLocator - ok
09:55:52.0845 2224  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
09:55:52.0876 2224  RpcSs - ok
09:55:52.0891 2224  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:55:52.0923 2224  rspndr - ok
09:55:52.0954 2224  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
09:55:52.0969 2224  RTHDMIAzAudService - ok
09:55:53.0001 2224  [ 66F9F7161D147B6486A22FEB9425930D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
09:55:53.0047 2224  RTL8167 - ok
09:55:53.0063 2224  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:55:53.0094 2224  s3cap - ok
09:55:53.0094 2224  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
09:55:53.0125 2224  SamSs - ok
09:55:53.0141 2224  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:55:53.0157 2224  sbp2port - ok
09:55:53.0188 2224  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:55:53.0235 2224  SCardSvr - ok
09:55:53.0235 2224  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:55:53.0266 2224  scfilter - ok
09:55:53.0297 2224  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
09:55:53.0359 2224  Schedule - ok
09:55:53.0375 2224  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:55:53.0406 2224  SCPolicySvc - ok
09:55:53.0422 2224  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:55:53.0437 2224  SDRSVC - ok
09:55:53.0469 2224  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:55:53.0500 2224  secdrv - ok
09:55:53.0500 2224  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:55:53.0531 2224  seclogon - ok
09:55:53.0562 2224  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
09:55:53.0593 2224  SENS - ok
09:55:53.0593 2224  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:55:53.0609 2224  SensrSvc - ok
09:55:53.0625 2224  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
09:55:53.0640 2224  Serenum - ok
09:55:53.0656 2224  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
09:55:53.0671 2224  Serial - ok
09:55:53.0687 2224  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:55:53.0703 2224  sermouse - ok
09:55:53.0718 2224  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:55:53.0749 2224  SessionEnv - ok
09:55:53.0749 2224  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:55:53.0765 2224  sffdisk - ok
09:55:53.0781 2224  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:55:53.0796 2224  sffp_mmc - ok
09:55:53.0796 2224  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:55:53.0827 2224  sffp_sd - ok
09:55:53.0843 2224  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:55:53.0859 2224  sfloppy - ok
09:55:53.0874 2224  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:55:53.0905 2224  SharedAccess - ok
09:55:53.0921 2224  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:55:53.0952 2224  ShellHWDetection - ok
09:55:53.0968 2224  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:55:53.0983 2224  SiSRaid2 - ok
09:55:53.0983 2224  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:55:53.0999 2224  SiSRaid4 - ok
09:55:54.0015 2224  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:55:54.0046 2224  Smb - ok
09:55:54.0077 2224  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:55:54.0093 2224  SNMPTRAP - ok
09:55:54.0093 2224  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:55:54.0108 2224  spldr - ok
09:55:54.0124 2224  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:55:54.0155 2224  Spooler - ok
09:55:54.0249 2224  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:55:54.0327 2224  sppsvc - ok
09:55:54.0342 2224  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:55:54.0373 2224  sppuinotify - ok
09:55:54.0405 2224  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:55:54.0420 2224  srv - ok
09:55:54.0436 2224  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:55:54.0467 2224  srv2 - ok
09:55:54.0467 2224  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:55:54.0483 2224  srvnet - ok
09:55:54.0498 2224  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:55:54.0545 2224  SSDPSRV - ok
09:55:54.0561 2224  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:55:54.0592 2224  SstpSvc - ok
09:55:54.0607 2224  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:55:54.0623 2224  stexstor - ok
09:55:54.0654 2224  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:55:54.0685 2224  stisvc - ok
09:55:54.0701 2224  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:55:54.0717 2224  storflt - ok
09:55:54.0732 2224  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
09:55:54.0748 2224  StorSvc - ok
09:55:54.0763 2224  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:55:54.0779 2224  storvsc - ok
09:55:54.0795 2224  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:55:54.0810 2224  swenum - ok
09:55:54.0826 2224  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:55:54.0873 2224  swprv - ok
09:55:54.0904 2224  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:55:54.0966 2224  SysMain - ok
09:55:54.0982 2224  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:55:54.0997 2224  TabletInputService - ok
09:55:55.0013 2224  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:55:55.0044 2224  TapiSrv - ok
09:55:55.0060 2224  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:55:55.0091 2224  TBS - ok
09:55:55.0169 2224  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:55:55.0247 2224  Tcpip - ok
09:55:55.0294 2224  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:55:55.0325 2224  TCPIP6 - ok
09:55:55.0341 2224  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:55:55.0372 2224  tcpipreg - ok
09:55:55.0387 2224  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:55:55.0403 2224  TDPIPE - ok
09:55:55.0419 2224  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:55:55.0434 2224  TDTCP - ok
09:55:55.0450 2224  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:55:55.0481 2224  tdx - ok
09:55:55.0575 2224  [ B1CE840C2405E8FA499DC62090F5DB06 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
09:55:55.0637 2224  TeamViewer7 - ok
09:55:55.0637 2224  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:55:55.0653 2224  TermDD - ok
09:55:55.0684 2224  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:55:55.0731 2224  TermService - ok
09:55:55.0746 2224  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:55:55.0762 2224  Themes - ok
09:55:55.0762 2224  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:55:55.0793 2224  THREADORDER - ok
09:55:55.0809 2224  [ 95AB85CF9C7EDC62845D21BB596B0093 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
09:55:55.0824 2224  tmactmon - ok
09:55:55.0855 2224  [ 0B975F08621CADF7F8EC164E1A991CF3 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
09:55:55.0855 2224  tmcomm - ok
09:55:55.0871 2224  [ AEA9012CFC3C4B2A167B210C523B9B65 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
09:55:55.0887 2224  tmevtmgr - ok
09:55:55.0933 2224  [ 2C5BDCB2EFAB4CA5B88DAF2C97A5794D ] TmListen        C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
09:55:55.0949 2224  TmListen - ok
09:55:55.0965 2224  [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
09:55:55.0980 2224  tmtdi - ok
09:55:55.0980 2224  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:55:56.0027 2224  TrkWks - ok
09:55:56.0058 2224  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:55:56.0089 2224  TrustedInstaller - ok
09:55:56.0089 2224  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:55:56.0121 2224  tssecsrv - ok
09:55:56.0152 2224  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:55:56.0167 2224  TsUsbFlt - ok
09:55:56.0183 2224  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:55:56.0199 2224  TsUsbGD - ok
09:55:56.0230 2224  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:55:56.0292 2224  tunnel - ok
09:55:56.0308 2224  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:55:56.0323 2224  uagp35 - ok
09:55:56.0339 2224  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:55:56.0370 2224  udfs - ok
09:55:56.0386 2224  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:55:56.0401 2224  UI0Detect - ok
09:55:56.0417 2224  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:55:56.0433 2224  uliagpkx - ok
09:55:56.0448 2224  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:55:56.0464 2224  umbus - ok
09:55:56.0464 2224  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:55:56.0479 2224  UmPass - ok
09:55:56.0511 2224  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
09:55:56.0526 2224  UmRdpService - ok
09:55:56.0542 2224  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:55:56.0573 2224  upnphost - ok
09:55:56.0604 2224  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:55:56.0620 2224  usbaudio - ok
09:55:56.0635 2224  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:55:56.0651 2224  usbccgp - ok
09:55:56.0667 2224  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:55:56.0682 2224  usbcir - ok
09:55:56.0698 2224  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:55:56.0713 2224  usbehci - ok
09:55:56.0729 2224  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
09:55:56.0745 2224  usbfilter - ok
09:55:56.0760 2224  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:55:56.0791 2224  usbhub - ok
09:55:56.0807 2224  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
09:55:56.0807 2224  usbohci - ok
09:55:56.0823 2224  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
09:55:56.0854 2224  usbprint - ok
09:55:56.0869 2224  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:55:56.0885 2224  USBSTOR - ok
09:55:56.0901 2224  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:55:56.0916 2224  usbuhci - ok
09:55:56.0947 2224  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:55:56.0979 2224  UxSms - ok
09:55:56.0994 2224  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:55:57.0010 2224  VaultSvc - ok
09:55:57.0025 2224  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:55:57.0041 2224  vdrvroot - ok
09:55:57.0057 2224  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:55:57.0103 2224  vds - ok
09:55:57.0119 2224  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:55:57.0135 2224  vga - ok
09:55:57.0135 2224  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:55:57.0166 2224  VgaSave - ok
09:55:57.0181 2224  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:55:57.0197 2224  vhdmp - ok
09:55:57.0197 2224  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:55:57.0213 2224  viaide - ok
09:55:57.0228 2224  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:55:57.0244 2224  vmbus - ok
09:55:57.0259 2224  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:55:57.0275 2224  VMBusHID - ok
09:55:57.0306 2224  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:55:57.0306 2224  volmgr - ok
09:55:57.0322 2224  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:55:57.0337 2224  volmgrx - ok
09:55:57.0353 2224  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:55:57.0369 2224  volsnap - ok
09:55:57.0384 2224  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:55:57.0400 2224  vsmraid - ok
09:55:57.0447 2224  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:55:57.0493 2224  VSS - ok
09:55:57.0509 2224  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:55:57.0525 2224  vwifibus - ok
09:55:57.0540 2224  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:55:57.0571 2224  W32Time - ok
09:55:57.0587 2224  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:55:57.0603 2224  WacomPen - ok
09:55:57.0634 2224  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:55:57.0665 2224  WANARP - ok
09:55:57.0665 2224  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:55:57.0696 2224  Wanarpv6 - ok
09:55:57.0743 2224  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:55:57.0790 2224  wbengine - ok
09:55:57.0790 2224  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:55:57.0821 2224  WbioSrvc - ok
09:55:57.0837 2224  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:55:57.0852 2224  wcncsvc - ok
09:55:57.0868 2224  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:55:57.0899 2224  WcsPlugInService - ok
09:55:57.0915 2224  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
09:55:57.0915 2224  Wd - ok
09:55:57.0946 2224  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:55:58.0024 2224  Wdf01000 - ok
09:55:58.0024 2224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:55:58.0086 2224  WdiServiceHost - ok
09:55:58.0086 2224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:55:58.0117 2224  WdiSystemHost - ok
09:55:58.0133 2224  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:55:58.0149 2224  WebClient - ok
09:55:58.0164 2224  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:55:58.0195 2224  Wecsvc - ok
09:55:58.0211 2224  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:55:58.0258 2224  wercplsupport - ok
09:55:58.0273 2224  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:55:58.0305 2224  WerSvc - ok
09:55:58.0320 2224  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:55:58.0351 2224  WfpLwf - ok
09:55:58.0367 2224  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:55:58.0383 2224  WIMMount - ok
09:55:58.0383 2224  WinDefend - ok
09:55:58.0398 2224  WinHttpAutoProxySvc - ok
09:55:58.0429 2224  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:55:58.0492 2224  Winmgmt - ok
09:55:58.0539 2224  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:55:58.0601 2224  WinRM - ok
09:55:58.0648 2224  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:55:58.0663 2224  WinUsb - ok
09:55:58.0726 2224  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:55:58.0819 2224  Wlansvc - ok
09:55:58.0851 2224  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:55:58.0866 2224  WmiAcpi - ok
09:55:58.0898 2224  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:55:58.0913 2224  wmiApSrv - ok
09:55:58.0944 2224  WMPNetworkSvc - ok
09:55:58.0960 2224  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:55:58.0976 2224  WPCSvc - ok
09:55:58.0991 2224  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:55:59.0022 2224  WPDBusEnum - ok
09:55:59.0038 2224  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:55:59.0069 2224  ws2ifsl - ok
09:55:59.0085 2224  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
09:55:59.0100 2224  wscsvc - ok
09:55:59.0100 2224  WSearch - ok
09:55:59.0194 2224  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:55:59.0288 2224  wuauserv - ok
09:55:59.0288 2224  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:55:59.0334 2224  WudfPf - ok
09:55:59.0366 2224  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:55:59.0412 2224  WUDFRd - ok
09:55:59.0428 2224  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:55:59.0459 2224  wudfsvc - ok
09:55:59.0475 2224  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:55:59.0506 2224  WwanSvc - ok
09:55:59.0522 2224  ================ Scan global ===============================
09:55:59.0537 2224  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:55:59.0553 2224  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:55:59.0568 2224  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:55:59.0584 2224  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:55:59.0615 2224  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:55:59.0631 2224  [Global] - ok
09:55:59.0631 2224  ================ Scan MBR ==================================
09:55:59.0631 2224  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:55:59.0927 2224  \Device\Harddisk0\DR0 - ok
09:55:59.0927 2224  ================ Scan VBR ==================================
09:55:59.0927 2224  [ 03B7D939B5A2866E6E5309AE92859FBA ] \Device\Harddisk0\DR0\Partition1
09:55:59.0927 2224  \Device\Harddisk0\DR0\Partition1 - ok
09:55:59.0958 2224  [ DA8946B590AAFB24CB521BE96BBBBB54 ] \Device\Harddisk0\DR0\Partition2
09:55:59.0958 2224  \Device\Harddisk0\DR0\Partition2 - ok
09:55:59.0974 2224  [ 2F444ED938A729B5DD5CC0B2AB54A38F ] \Device\Harddisk0\DR0\Partition3
09:55:59.0974 2224  \Device\Harddisk0\DR0\Partition3 - ok
09:55:59.0974 2224  ============================================================
09:55:59.0974 2224  Scan finished
09:55:59.0974 2224  ============================================================
09:55:59.0990 1860  Detected object count: 2
09:55:59.0990 1860  Actual detected object count: 2
09:56:24.0045 1860  Advanced Monitoring Agent ( UnsignedFile.Multi.Generic ) - skipped by user
09:56:24.0045 1860  Advanced Monitoring Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:56:24.0045 1860  Olympus DVR Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:56:24.0045 1860  Olympus DVR Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:56:28.0632 4352  Deinitialize success
         

Alt 08.03.2013, 20:15   #10
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.03.2013, 13:13   #11
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

hier die ComboFix.txt :

Code:
ATTFilter
ComboFix 13-03-07.03 - *** 09.03.2013  13:00:27.1.3 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3839.2640 [GMT 1:00]
ausgeführt von:: \\SBSRV12\RedirectedFolders\***\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\****\AppData\Roaming\MSCOMCT2Q.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-09 bis 2013-03-09  ))))))))))))))))))))))))))))))
.
.
2013-03-09 12:03 . 2013-03-09 12:03	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-03-09 12:03 . 2013-03-09 12:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-06 15:30 . 2013-03-06 15:30	--------	d-----w-	c:\windows\Sun
2013-03-06 07:53 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F09C026A-B931-421F-AD21-7F15FC186386}\mpengine.dll
2013-03-05 08:22 . 2013-03-05 08:22	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-20 08:42 . 2013-02-20 10:56	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-02-19 17:46 . 2013-02-19 17:46	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2013-02-19 17:46 . 2013-02-19 17:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-19 17:46 . 2013-02-19 17:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-19 17:46 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-19 17:45 . 2013-02-19 17:45	--------	d-----w-	c:\users\****\AppData\Local\Programs
2013-02-13 18:55 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 18:55 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 18:55 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 18:54 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 18:50 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:50 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:50 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 18:50 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 18:50 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 18:50 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 18:50 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 18:50 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 18:45 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 18:45 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 18:44 . 2013-01-09 01:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-13 18:44 . 2013-01-08 21:56	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 08:22 . 2012-08-17 07:50	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 08:22 . 2011-04-28 16:18	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-27 14:39 . 2012-04-04 06:17	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 14:39 . 2011-05-18 07:11	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 18:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 18:54	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:54	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:54	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:54	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"SpeechExec Startup"="c:\program files (x86)\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe" [2010-03-08 16384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-02-26 176128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-10 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-17 15408]
S2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files (x86)\Advanced Monitoring Agent GP\winagent.exe [2012-11-21 2155520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-09 202752]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2677160]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-23 69904]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-02-23 314400]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 17:32	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:39]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 08:22]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 08:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.30.2
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\qimwsdn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-09  13:05:25
ComboFix-quarantined-files.txt  2013-03-09 12:05
.
Vor Suchlauf: 12 Verzeichnis(se), 96.741.339.136 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 96.465.801.216 Bytes frei
.
- - End Of File - - D0B51190FC24E1F00893ED47E3E06FB2
         
Gruß,

Alt 11.03.2013, 18:13   #12
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.03.2013, 18:55   #13
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo anbei die Liste

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	14.01.2013		3.5.0.880				NOTWENDIG
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171		NOTWENDIG
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171		UNBEKANNT
Adobe Reader X (10.1.6) - Deutsch	Adobe Systems Incorporated	05.03.2013	169MB	10.1.6		NOTWENDIG
Advanced Monitoring Agent GP	Remote Monitoring Services	16.08.2012		1.0.0			UNBEKANNT
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	11.04.2011	2,08MB	1.2.9.0		UNBEKANNT
ATI Catalyst Install Manager	ATI Technologies, Inc.	11.04.2011	22,1MB	3.0.765.0			NOTWENDIG
BiosNotice		11.04.2011								UNBEKANNT
CCleaner	Piriform	25.02.2013		3.28					UNNÖTIG
DDBAC	DataDesign	30.04.2012	8,65MB	4.3.77						UNBEKANNT
Frutiger CI Fonts Installer	16.08.2012		1.0					NOTWENDIG
Google Chrome	Google Inc.	28.12.2012		25.0.1364.152				UNNÖTIG
Java 7 Update 17	Oracle	05.03.2013	129MB	7.0.170					UBEKANNT
Java(TM) 6 Update 31	Oracle	20.02.2012	95,1MB	6.0.310					UBEKANNT
JavaFX 2.1.1	Oracle Corporation	17.08.2012	20,8MB	2.1.1				UBEKANNT
MailStore Outlook Add-in 7.0.7.7671	MailStore Software GmbH	16.08.2012	5,69MB	7.10.0					NOTWENDIG
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	19.02.2013	18,4MB	1.70.0.1100		UNNÖTIG
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.04.2012	38,8MB	4.0.30320			NOTWENDIG
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	11.04.2012	2,93MB	4.0.30320	NOTWENDIG
Microsoft .NET Framework 4 Extended	Microsoft Corporation	23.08.2012	51,9MB	4.0.30319				NOTWENDIG
Microsoft Office 2010 Primary Interop Assemblies	Microsoft Corporation	23.08.2012	6,77MB	14.0.4763.1024 	        UBEKANNT
Microsoft Office Standard 2010	Microsoft Corporation	16.08.2012		14.0.6029.1000					NOTWENDIG
Microsoft Silverlight	Microsoft Corporation	11.05.2012	100MB	4.1.10329.0						UNNÖTIG
Microsoft SQL Server Compact 4.0 x64 DEU	Microsoft Corporation	23.08.2012	20,4MB	4.0.8482.1 	       		UNBEKANNT
Microsoft Surface 2.0 Runtime	Microsoft Corporation	14.01.2013	1,06MB	2.0.21114.00			 	        UNBEKANNT
Microsoft Surface Toolkit Runtime for Windows Touch Beta	Microsoft Corporation	25.05.2011	231KB	1.5.10404.01 	UNBEKANNT
Microsoft Sync Framework 2.0 Core Components (x86) DEU 	Microsoft Corporation	28.04.2011	976KB	2.0.1578.0 	        UNBEKANNT
Microsoft Sync Framework 2.0 Provider Services (x86) DEU 	Microsoft Corporation	28.04.2011	2,31MB	2.0.1578.0 	UNBEKANNT
Microsoft Sync Framework 2.1 Core Components (x86) DEU 	Microsoft Corporation	23.08.2012	1,00MB	2.1.1648.0 	        UNBEKANNT
Microsoft Sync Framework 2.1 Provider Services (x86) DEU 	Microsoft Corporation	23.08.2012	2,32MB	2.1.1648.0 	UNBEKANNT
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.08.2012	300KB	8.0.61001 	    		UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.08.2012	572KB	8.0.61000 	     		UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	11.04.2011	788KB	9.0.30729.4148 	        UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161 	        UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.04.2011	592KB	9.0.30729.4148 	        UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161 	        UNBEKANNT
Mozilla Firefox 19.0.2 (x86 de)	Mozilla	09.03.2013	43,9MB	19.0.2				NOTWENDIG
Mozilla Maintenance Service	Mozilla	09.03.2013	330KB	19.0.2 	        		UNBEKANNT
PDF-XChange 4	Tracker Software Products Ltd	28.04.2011		4.0.162.0		UNNÖTIG
RA-MICRO Deinstallation	RA-MICRO Software GmbH	23.08.2012								NOTWENDIG
RA-MICRO Elster	RA-MICRO GmbH & Co KGaA	14.01.2013	49,5MB	4.25.0000						NOTWENDIG
RA-MICRO Infragistics 10.3	RA-MICRO Software GmbH	28.04.2011	39,3MB	10.01.30101				NOTWENDIG
RA-MICRO Leadtools	RA-MICRO Software GmbH	28.04.2011	45,9MB	2.01.0000					NOTWENDIG
RA-MICRO Systemdateien	RA-MICRO Software GmbH	28.04.2011	42,5MB	1.2.2010.0					NOTWENDIG
Realtek Ethernet Controller Driver For Windows 7	Realtek	11.04.2011		7.12.1218.2009			NOTWENDIG
Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	11.04.2011		6.0.1.6034		NOTWENDIG
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.04.2011		6.0.1.6215		NOTWENDIG
SecCommerce SecSigner 3.6	SecCommerce Informationssysteme GmbH	14.01.2013		3.6			NOTWENDIG
SpeechExec Pro Dictate	Philips Speech Processing, Dictation Systems	28.04.2011	38,4MB	5.0.440.00		NOTWENDIG
TeamViewer 7 Host	TeamViewer	16.08.2012		7.0.13989						NOTWENDIG
TextControl 14.0 SP4	RA-MICRO Software GmbH	28.04.2011	6,14MB	2.00.0000					NOTWENDIG
Trend Micro Worry-Free Business Security Agent	Trend Micro Inc.	17.08.2012		7.0.2316		NOTWENDIG
Windows Small Business Server 2011 Standard ClientAgent	Microsoft Corporation	16.08.2012	75,0KB	6.1.7900.1	NOTWENDIG
         

Alt 12.03.2013, 20:10   #14
markusg
/// Malware-holic
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Google
Java(TM) 6
Microsoft Silverlight
PDF
TeamViewer : würde ich nur bei Bedarf instalieren, oder zumindest Version 8

Öffne CCleaner, analysieren, starten, pc neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.03.2013, 18:06   #15
SteelRock
 
Ihave.net Umleitungs-Virus - Standard

Ihave.net Umleitungs-Virus



Hallo,

danke. Hier die Log-Datei von Adw-Cleaner:

Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 13/03/2013 um 18:01:17 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - WKS10
# Bootmodus : Normal
# Ausgeführt unter : \\SBSRV12\RedirectedFolders\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[S1].txt - [779 octets] - [13/03/2013 18:01:17]

########## EOF - C:\AdwCleaner[S1].txt - [838 octets] ##########
         

Gruß,

Antwort

Themen zu Ihave.net Umleitungs-Virus
.com, adobe, adobe flash player, bho, error, explorer, firefox, flash player, format, helper, ihavenet.com, install.exe, intranet, log, logfile, microsoft, mozilla, olympus, plug-in, problem, programme, realtek, registry, rundll, scan, security, senden, surface, temp, warnung, windows




Zum Thema Ihave.net Umleitungs-Virus - Hallo, ich habe leider ein Problem mit der Umleitung bei Googlesuchergebnissen. nach Recherche habe ich festgestellt, dass mein Problem Ihavenet.com lautet. Auf diese Seite u.a. werde ich bei den Google-Suchergebnissen - Ihave.net Umleitungs-Virus...
Archiv
Du betrachtest: Ihave.net Umleitungs-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.