
Pests of all kinds and how to fight them: TR/Matsnu.EB.98 in C:\Users\marijke\Downloads\Daten_23.01.2013.zip

Windows 7
27.01.2013, 20:05   #1
herrschmacko
 
Hello everyone,
the Trojan named above is on our family PC. Unfortunately it was caught by opening an email attachment. So far I have run the Antivir program. The infected file was moved to quarantine. Malwarebytes found nothing.
Can you help me clean the PC?
Many thanks and regards

28.01.2013, 12:18   #2
markusg
/// Malware-holic
 
Hi,
was the PC locked?
Please send us spam mails in future; how to do that is explained in my signature.
Please warn friends, acquaintances, colleagues etc. about spam with flight confirmations, invoices, payment reminders and mailings. They can be fakes, especially when spelling or wording errors can be found.
Anyone who receives such or a similar spam mail should forward it to us, so give them my email address.
Each of these friends, acquaintances etc. should warn their own friends, acquaintances etc. and give them our address.
Anyone who uses social networks should post the warning together with our address there, asking for the post to be shared.
If you get more, send them over!

28.01.2013, 17:58   #3
herrschmacko
 
Hello,
unfortunately we no longer have the mail. My wife deleted it right away. The PC is not locked. So far I have not seen any encryption or anything else. Everything runs normally. I have the following log files:

OTL Logfile:
OTL EXTRAS Logfile:
OTL logfile created on: 1/27/2013 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\marijke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.29% Memory free
7.73 Gb Paging File | 6.07 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.14 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 264.01 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
 
Computer Name: MARIJKE-PC | User Name: marijke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/27 21:34:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marijke\Downloads\OTL.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/19 11:45:05 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/08 18:12:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 19:39:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/10 19:39:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/03/20 23:23:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/08 08:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/19 11:45:05 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/01/19 11:45:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/10 19:39:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/10 19:39:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/10 19:39:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/10 19:39:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/10 20:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 19:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/09/28 02:17:43 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{73F4BC34-40C8-4C4B-B8F5-A5A42037DB4A}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/20 23:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 11:45:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 11:45:02 | 000,000,000 | ---D | M]
 
[2011/04/26 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\Extensions
[2012/11/24 01:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\Firefox\Profiles\g5vsxj7g.default\extensions
[2012/02/09 22:44:07 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/11/13 22:01:21 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012/07/07 11:29:23 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2012/11/24 01:02:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\marijke\AppData\Roaming\mozilla\firefox\profiles\g5vsxj7g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 11:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/19 11:45:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/26 21:16:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 05:11:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/26 21:16:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/26 21:16:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/04/27 21:58:55 | 000,001,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/26 21:16:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/26 21:16:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\marijke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{498325C2-6FD4-44A8-AA57-C816289ADE0A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/27 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/27 20:42:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/27 20:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/24 10:45:25 | 000,000,000 | ---D | C] -- C:\Users\marijke\AppData\Local\Programs
[2013/01/19 11:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/27 21:34:11 | 000,000,000 | ---- | M] () -- C:\Users\marijke\defogger_reenable
[2013/01/27 21:13:15 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/27 21:13:15 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/01/27 21:13:15 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/27 21:13:15 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/01/27 21:13:15 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/27 19:55:38 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 19:55:38 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 19:47:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/27 19:47:38 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 14:30:42 | 000,001,053 | ---- | M] () -- C:\Users\marijke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/26 14:30:29 | 000,001,025 | ---- | M] () -- C:\Users\marijke\Desktop\Dropbox.lnk
[2013/01/11 10:11:22 | 000,277,680 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/03 10:28:07 | 000,052,311 | ---- | M] () -- C:\Users\marijke\Documents\rechnung kfz rokko.pdf
 
========== Files Created - No Company Name ==========
 
[2013/01/27 21:34:11 | 000,000,000 | ---- | C] () -- C:\Users\marijke\defogger_reenable
[2013/01/03 10:28:07 | 000,052,311 | ---- | C] () -- C:\Users\marijke\Documents\rechnung kfz rokko.pdf
[2012/03/31 09:52:57 | 000,000,908 | ---- | C] () -- C:\windows\wiso.ini
[2011/04/28 09:34:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/21 09:37:07 | 001,527,912 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/19 13:06:35 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/05 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Belastingdienst
[2012/03/31 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Buhl Data Service
[2013/01/27 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Dropbox
[2011/09/08 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\FreeFLVConverter
[2012/01/11 00:28:20 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\ICAClient
[2011/09/12 11:10:19 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Orbit
[2011/09/08 13:38:54 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\ProgSense
[2011/06/02 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\Radmin
[2013/01/27 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\SoftGrid Client
[2011/04/21 09:38:20 | 000,000,000 | ---D | M] -- C:\Users\marijke\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 1/27/2013 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\marijke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.29% Memory free
7.73 Gb Paging File | 6.07 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.14 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 264.01 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
 
Computer Name: MARIJKE-PC | User Name: marijke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{08F155A7-B157-4087-8DA2-0574F578633E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{34A9EC7C-B14A-48B2-91CC-86987F678608}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C4DBCAB-9BAC-41D7-A942-BD1582A4F9F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5DDAAD7A-E48F-417D-9556-55B487405711}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{69585953-D3DA-40C3-9FF3-BC2F1E7F9395}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{78847971-13E1-4498-8D66-46048E0B321D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7D46C081-EE4C-47E5-B768-A936FAB6B296}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{821CAF31-5E24-4F06-A11B-640A36CF7790}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{853DE4DE-937C-4EC9-837D-E5A76BEACE6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D0FC9B96-95F1-44CC-9CDA-E57C2C72C188}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E9E516C7-FEA7-4E25-935B-6DCEDBA11301}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F572339A-9FEE-47D4-ABA5-9BAD800C56FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FB2D05C7-94C8-4443-8311-E92A82992178}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{1643874B-7FC9-4977-AEE5-E62B8869F6DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{164878DB-CE67-49F0-98FE-7080FAE0985A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{204C93D5-E461-48B2-858C-02F1E9B3C9C9}" = protocol=6 | dir=out | app=system | 
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{373277FC-1F17-421C-839C-8AFDAE5634C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{59A44EBE-6109-4507-B73C-E37290341B75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5A85BD03-0DC5-4F27-8EBF-3637D4B07201}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C270682-6AB3-4BC9-90B0-75A57B49332D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7079E61F-8ACD-42FB-8A9D-730AA8CE67A9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{70B228C3-FC7A-4F43-A471-37D9490D9334}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C535ED5-7FE8-4AF2-A924-4E38313EF381}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92093D6A-87FA-43BC-8470-F947BC03B480}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A273E8B-70E0-406E-AB84-6D935747A455}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7A38D60-2EBB-4D95-A434-856B9A905B86}" = protocol=6 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A8916D8D-F609-40D8-BAF7-27C4AF71F10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8A8D3AF-1AE2-4E16-B58B-67DFE38A2B6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EE267265-DB67-4D5F-B65F-249D07A7374C}" = protocol=17 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EE5C6888-9A1A-41C6-83B1-9E38C4D0A8B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{F67101E5-4E19-4E8B-A9AD-FC7EC41CDBDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9B042C5-0303-4F4A-B9DB-86A0465CC18E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA25ACA3-F742-4CBD-87A6-04FAD0FFCF6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{41F91FA3-E565-47C9-8372-D04A69C69903}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{4BB767B6-B81F-4D8C-8C22-1FED204F622D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{52BCDBEF-AAA2-442A-88E0-F7E0BFC77926}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{8533A807-0D6F-4CC9-80D2-5E67AB41E32A}D:\jens ordner\spiele\anno1701.exe" = protocol=6 | dir=in | app=d:\jens ordner\spiele\anno1701.exe | 
"TCP Query User{E195E189-E006-48E4-8AB7-D5B38201BE03}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{E2F4986E-D483-40FF-9430-28B72BA3EA6E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{FAA76525-0529-43FB-991F-D7B2C119A3AF}C:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3B8E5D49-A2C1-4A95-B8B7-A4105CDA284D}C:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marijke\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4A9AAF2F-3AF8-4B0A-811D-602EB41CE897}D:\jens ordner\spiele\anno1701.exe" = protocol=17 | dir=in | app=d:\jens ordner\spiele\anno1701.exe | 
"UDP Query User{57F9C29F-D671-4BA5-A368-64DC027F61E6}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{59FC6236-6D9F-4DCE-B02B-C96C37B8B83C}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{5B01301A-9E41-4FE5-A47B-3C6E51D3A10D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{5B328530-8BA3-4E72-9518-35975F7CAA24}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{DCB6AD5E-94C4-4494-8B70-C8CA13920F7E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix Online Plug-in (Web)
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix Online Plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix Online Plug-in (DV)
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix Online Plug-in (HDX)
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"2476-8030-0924-5048" = Miniplan 3.1.5
"Aangifte voor buitenlandse belastingplichtigen 2011" = Aangifte voor buitenlandse belastingplichtigen 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Free FLV Converter_is1" = Free FLV Converter V 7.0.0
"Huur- en zorgtoeslag 2011" = Huur- en zorgtoeslag 2011
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.4.0
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/14/2012 2:43:21 PM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/14/2012 3:36:58 PM | Computer Name = marijke-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 8/14/2012 3:36:58 PM | Computer Name = marijke-PC | Source = System Restore | ID = 8211
Description = 
 
Error - 8/16/2012 3:40:45 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/16/2012 6:54:39 AM | Computer Name = marijke-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 8/23/2012 2:18:22 PM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/28/2012 10:20:38 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 8/30/2012 9:12:55 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 9/8/2012 7:13:37 AM | Computer Name = marijke-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 9/13/2012 3:02:16 AM | Computer Name = marijke-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 124c    Startzeit:
 01cd917c8f5add70    Endzeit: 310    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 d7c23092-fd70-11e1-97fe-002454cda343  
 
[ System Events ]
Error - 11/24/2012 4:08:29 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 11/24/2012 4:08:36 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/24/2012 4:08:42 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/24/2012 4:08:49 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/24/2012 4:08:58 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/24/2012 4:09:15 PM | Computer Name = marijke-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 1/1/2013 9:09:58 AM | Computer Name = marijke-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/26/2013 9:26:07 AM | Computer Name = marijke-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 1/26/2013 9:26:10 AM | Computer Name = marijke-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 1/26/2013 9:26:10 AM | Computer Name = marijke-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

Alt 28.01.2013, 18:07   #4
herrschmacko
 
We will warn everyone and pass on your address. I read somewhere on this site that one should create and post these log files. Correct?
I also have the following:

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-27 22:09:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\marijke\AppData\Local\Temp\afdiifod.sys


---- User code sections - GMER 2.0 ----

.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                                0000000076841401 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                                  0000000076841419 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                                0000000076841431 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                                000000007684144a 2 bytes [84, 76]
.text    ...                                                                                                                                                                                                                                   * 9
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                                   00000000768414dd 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                            00000000768414f5 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                                   000000007684150d 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                            0000000076841525 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                                  000000007684153d 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                                       0000000076841555 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                                000000007684156d 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                                  0000000076841585 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                                     000000007684159d 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                                  00000000768415b5 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                                00000000768415cd 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                                            00000000768416b2 2 bytes [84, 76]
.text    C:\Users\marijke\AppData\Roaming\Dropbox\bin\Dropbox.exe[1672] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                                            00000000768416bd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                          0000000076841401 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                            0000000076841419 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                          0000000076841431 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                          000000007684144a 2 bytes [84, 76]
.text    ...                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                             00000000768414dd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                      00000000768414f5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                             000000007684150d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                      0000000076841525 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                            000000007684153d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                 0000000076841555 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                          000000007684156d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                            0000000076841585 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                               000000007684159d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                            00000000768415b5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                          00000000768415cd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                      00000000768416b2 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                      00000000768416bd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                  0000000076841401 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                    0000000076841419 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                  0000000076841431 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                  000000007684144a 2 bytes [84, 76]
.text    ...                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                     00000000768414dd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                              00000000768414f5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                     000000007684150d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                              0000000076841525 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                    000000007684153d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                         0000000076841555 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                  000000007684156d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                    0000000076841585 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                       000000007684159d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                    00000000768415b5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                  00000000768415cd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                              00000000768416b2 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3444] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                              00000000768416bd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002da45984 4 bytes [DB, 56, 18, F6]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                     0000000076841401 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                       0000000076841419 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                     0000000076841431 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                     000000007684144a 2 bytes [84, 76]
.text    ...                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                        00000000768414dd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                 00000000768414f5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                        000000007684150d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                 0000000076841525 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                       000000007684153d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                            0000000076841555 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                     000000007684156d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000076841585 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          000000007684159d 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       00000000768415b5 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     00000000768415cd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 00000000768416b2 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[4596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 00000000768416bd 2 bytes [84, 76]
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                0000000077c1f9c0 5 bytes JMP 00000001721f5f49
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          0000000077c1f9d8 5 bytes JMP 00000001721f6411
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              0000000077c1fa08 5 bytes JMP 00000001721f016d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    0000000077c1fa20 5 bytes JMP 00000001721efbca
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             0000000077c1fa70 5 bytes JMP 00000001721efa44
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        0000000077c1fa88 2 bytes JMP 00000001721efb52
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                                    0000000077c1fa8b 2 bytes [5D, FA]
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            0000000077c1fb20 5 bytes JMP 00000001721f0424
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   0000000077c1fc18 5 bytes JMP 00000001721f4369
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         0000000077c1fd2c 5 bytes JMP 00000001721ef9cc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             0000000077c1fd44 5 bytes JMP 00000001721f4959
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   0000000077c1fd78 5 bytes JMP 00000001721f39de
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      0000000077c1fe24 5 bytes JMP 00000001721f5fc4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  0000000077c1fe3c 5 bytes JMP 00000001721f4adb
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           0000000077c20094 5 bytes JMP 00000001721f4791
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          0000000077c201a4 5 bytes JMP 00000001721efc42
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           0000000077c209c4 5 bytes JMP 00000001721f4584
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            0000000077c209dc 5 bytes JMP 00000001721ecc5b
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       0000000077c20a24 5 bytes JMP 00000001721ecd29
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             0000000077c20b60 5 bytes JMP 00000001721eccc2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      0000000077c20f50 5 bytes JMP 00000001721efcba
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             0000000077c20f68 5 bytes JMP 00000001721eff45
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            0000000077c20ff8 5 bytes JMP 00000001721f01fd
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              0000000077c2131c 5 bytes JMP 00000001721f4b6b
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                0000000077c2145c 5 bytes JMP 00000001721efec9
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  0000000077c21508 5 bytes JMP 00000001721f6389
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            0000000077c216f8 1 byte JMP 00000001721ed138
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                        0000000077c216fa 3 bytes {JMP 0xfffffffffa5cba40}
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    0000000077c21a38 5 bytes JMP 00000001721efacc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    0000000077c21b7c 5 bytes JMP 00000001721f616c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                      0000000075d3103d 5 bytes JMP 00000001721c93a9
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                      0000000075d31072 5 bytes JMP 00000001721c94e7
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                0000000075d5c9b5 5 bytes JMP 00000001721c971d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    0000000075db00c3 5 bytes JMP 00000001721c9efe
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    0000000075db016b 5 bytes JMP 00000001721ca231
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!WinExec                                                                                             0000000075db2c91 5 bytes JMP 00000001721c9aa0
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                        0000000075dd6b3e 5 bytes JMP 00000001721f7431
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                       0000000075dd6c02 5 bytes JMP 00000001721f7443
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    00000000757d2aa4 5 bytes JMP 00000001721ca43c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                       00000000765b8a29 5 bytes JMP 00000001721f7419
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                       00000000765bd22e 5 bytes JMP 00000001721f7401
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       000000007692d2b2 5 bytes JMP 00000001721d7617
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       000000007692d7bb 5 bytes JMP 00000001721d75fb
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              00000000766a1e3a 7 bytes JMP 00000001721da3b9
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               00000000766ab466 7 bytes JMP 00000001721db2da
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  00000000766c78ff 7 bytes JMP 00000001721daa60
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              00000000766c79bb 7 bytes JMP 00000001721dac11
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               00000000766ca3e2 7 bytes JMP 00000001721db3a0
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                00000000766e2538 5 bytes JMP 00000001721c985f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  0000000076701b94 7 bytes JMP 00000001721dab18
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              0000000076701c31 7 bytes JMP 00000001721dacc9
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 0000000076702021 7 bytes JMP 00000001721db21c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              0000000076702104 7 bytes JMP 00000001721da470
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 0000000076702221 5 bytes JMP 00000001721db15e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                       0000000076824d5c 7 bytes JMP 00000001721da1fe
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   0000000076824dc3 7 bytes JMP 00000001721da527
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   0000000076824e4b 7 bytes JMP 00000001721da28a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 0000000076824eaf 7 bytes JMP 00000001721da31d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                        0000000076824f35 7 bytes JMP 00000001721da079
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                        000000007682508d 7 bytes JMP 00000001721da10f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000768250f4 7 bytes JMP 00000001721db02c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             0000000076825181 7 bytes JMP 00000001721db0c8
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 0000000076825254 7 bytes JMP 00000001721da728
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000768253d5 7 bytes JMP 00000001721da643
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000768254c2 7 bytes JMP 00000001721da9ca
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000768255e2 7 bytes JMP 00000001721da934
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       000000007682567c 7 bytes JMP 00000001721d9e5b
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       000000007682589f 7 bytes JMP 00000001721d9d85
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                        0000000076825a22 7 bytes JMP 00000001721da5b5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  0000000076825a83 7 bytes JMP 00000001721dae5b
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  0000000076825b29 7 bytes JMP 00000001721dadc2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    0000000076825ca0 7 bytes JMP 00000001721d9535
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    0000000076825d8c 7 bytes JMP 00000001721d94bc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000768263ad 7 bytes JMP 00000001721d9a83
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000768264f0 7 bytes JMP 00000001721d9b0f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 0000000076826633 7 bytes JMP 00000001721daf90
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 000000007682680c 7 bytes JMP 00000001721daef4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         000000007682714b 7 bytes JMP 00000001721d9bf8
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         0000000076827245 7 bytes JMP 00000001721d9c84
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000075a5c56e 5 bytes JMP 00000001721e11c4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000075a5ea09 7 bytes JMP 00000001721e1795
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleRun                                                                                                 0000000075a607de 5 bytes JMP 00000001721e1650
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000075a621e1 5 bytes JMP 00000001721e22c5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000075a6eba1 6 bytes JMP 00000001721e156f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000075a6efd7 5 bytes JMP 00000001721e14ff
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000075a726b9 5 bytes JMP 00000001721e133c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000075a854ad 5 bytes JMP 00000001721e2853
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000075a909ad 5 bytes JMP 00000001721e13af
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000075a986d3 5 bytes JMP 00000001721e1431
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000075a99d0b 5 bytes JMP 00000001721e3b21
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000075a99d4e 5 bytes JMP 00000001721e1c5c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000075abbb09 7 bytes JMP 00000001721e16c0
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000075adeacf 5 bytes JMP 00000001721e0c21
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000075b1340b 5 bytes JMP 00000001721e2d13
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    0000000075b5cfd9 5 bytes JMP 00000001721e15da
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject                                                                                00000000769b279e 5 bytes JMP 00000001721e0eb4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject                                                                                  00000000769b3294 5 bytes JMP 00000001721e0fd5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4984] C:\windows\syswow64\oleaut32.dll!GetActiveObject                                                                                     00000000769c8f40 5 bytes JMP 00000001721e1048

---- User IAT/EAT - GMER 2.0 ----

IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]                                               [7fef872741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                                                            [7fef8725f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]                                                     [7fef8725674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]                                                   [7fef8725e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]                                                    [7fef8727f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]                                                  [7fef8726a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]                                                   [7fef8726ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]                                           [7fef8727b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]                                                    [7fef8727ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]                                            [7fef87278b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]                                                     [7fef8724fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]                                                       [7fef8725d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2396] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]                                              [7fef8727584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3756]                                                                                                                                                                  000000001000e2eb
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3876]                                                                                                                                                                  00000000010166e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3880]                                                                                                                                                                  00000000010166e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3884]                                                                                                                                                                  00000000010166e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904:3888]                                                                                                                                                                  0000000001012560
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3236]                                                                                                                                                                    000000006d578f84
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3240]                                                                                                                                                                    000000006d57925e
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860:3244]                                                                                                                                                                    000000006d578bd0
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3000]                                                                                                                                                                        000000006c096314
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3100]                                                                                                                                                                        000000006c09539b
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4492]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2516]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1920]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2964]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4856]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2520]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5028]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2212]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:444]                                                                                                                                                                         0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:116]                                                                                                                                                                         0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4636]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2452]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3324]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2924]                                                                                                                                                                        0000000077c52e25
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1508]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2036]                                                                                                                                                                        00000000735927e1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3252]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4236]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3092]                                                                                                                                                                        00000000740b32fb
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4384]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3424]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4092]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4024]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2276]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4204]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2164]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4608]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3692]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5036]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3148]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:5024]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:4368]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:364]                                                                                                                                                                         0000000077c53e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1452]                                                                                                                                                                        0000000074bb62ee
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:752]                                                                                                                                                                         0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:2540]                                                                                                                                                                        0000000071fdc724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:3696]                                                                                                                                                                        0000000077c53e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3256:1636]                                                                                                                                                                        0000000077c53e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1280]                                                                                                                                                0000000074040000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1852]                                                                                                                                      0000000072d80000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1904]                                                                                                                                              0000000074000000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2860]                                                                                                                                                0000000076840000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2944]                                                                                                                                           0000000076210000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982                                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)                                                                                                                                       

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                 unknown MBR code

---- EOF - GMER 2.0 ----
         
Antivir reported this:

Code:
Exportierte Ereignisse:

24.01.2013 10:44 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\marijke\Downloads\Daten_23.01.2013.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.98' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54eaa286.qua' 
      verschoben!
         
Thanks a lot in advance!

Alt 29.01.2013, 14:44   #5
markusg
/// Malware-holic
 
hi
Looks like you got lucky there.
In future, still forward suspicious mails to us, and warn your friends.
There is still something I don't like, though.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, and post the log
Open C:, open tdsskiller-date-version.txt, post the contents

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
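The log those steps produce lists, per service, a "[ MD5 ] name  path" line followed by a "name - status" line; the helper then looks for anything that is not "ok". As an added example (not from this thread and not TDSSKiller's own code), here is a small Python triage script for that section. The sample log is constructed: two of its lines are copied from the log posted later in the thread, while the examplesvc entry, its verdict line and the "Scan global" header are invented to show a non-ok status and the end of the section.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example, not part of the thread and not TDSSKiller's own code.
# It reads the "Scan services" section of a TDSSKiller 2.8 log in the shape
# posted in this thread: a "[ MD5 ] name  path" line followed by a
# "name - status" line (optionally "name ( Verdict ) - status").

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\w+)$")

# Constructed sample. The 1394ohci and COMSysApp lines are copied from the log
# posted in this thread; the examplesvc entry, its verdict line and the
# "Scan global" header are invented to mimic a warning and the section end.
SAMPLE_LOG = r"""
22:24:09.0079 0604  ================ Scan services =============================
22:24:09.0297 0604  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
22:24:09.0406 0604  1394ohci - ok
22:24:16.0302 0604  COMSysApp - ok
22:24:30.0001 0604  [ 0123456789ABCDEF0123456789ABCDEF ] examplesvc      C:\windows\system32\drivers\examplesvc.sys
22:24:30.0002 0604  examplesvc ( UnsignedFile.Multi.Generic ) - warning
22:24:31.0001 0604  ================ Scan global ===============================
22:24:31.0002 0604  \Device\Harddisk0\DR0 - ok
"""


@dataclass
class Entry:
    name: str
    status: str               # "ok", "warning", "infected", ...
    verdict: Optional[str]    # detection name in parentheses, if any
    md5: Optional[str]        # from the preceding "[ MD5 ] name path" line
    path: Optional[str]


def parse_services(log_text: str) -> List[Entry]:
    """Pair each status line in the services section with its file line."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[Entry] = []
    in_services = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg.startswith("================ Scan"):
            # Section header: only the services section is of interest here.
            in_services = "Scan services" in msg
            continue
        if not in_services:
            continue
        f = FILE_RE.match(msg)
        if f:
            pending[f.group("name")] = (f.group("md5").upper(), f.group("path").strip())
            continue
        s = STATUS_RE.match(msg)
        if s:
            md5, path = pending.pop(s.group("name"), (None, None))
            entries.append(Entry(s.group("name"), s.group("status"), s.group("verdict"), md5, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for the entries a helper would look at first."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.status != "ok":
            reason = f"status {e.status}"
            if e.verdict:
                reason += f" ({e.verdict})"
            findings.append((e.name, reason))
        elif e.md5 is None:
            # A status line with no hashed file line before it (COMSysApp in the
            # posted log): no file was logged for it, so it deserves a second look.
            findings.append((e.name, "no hashed file line before status"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On a real log, feed the whole file to parse_services; everything outside the services section is ignored.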

Alt 29.01.2013, 21:27   #6
herrschmacko
 
Unfortunately I only became aware of your board once we had the trojan on the machine. What you do is brilliant.
So here is the TDSSKiller log:

Code:
22:22:22.0525 2460  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:22:22.0681 2460  ============================================================
22:22:22.0681 2460  Current date / time: 2013/01/29 22:22:22.0681
22:22:22.0681 2460  SystemInfo:
22:22:22.0681 2460  
22:22:22.0681 2460  OS Version: 6.1.7601 ServicePack: 1.0
22:22:22.0681 2460  Product type: Workstation
22:22:22.0681 2460  ComputerName: MARIJKE-PC
22:22:22.0681 2460  UserName: marijke
22:22:22.0681 2460  Windows directory: C:\windows
22:22:22.0681 2460  System windows directory: C:\windows
22:22:22.0681 2460  Running under WOW64
22:22:22.0681 2460  Processor architecture: Intel x64
22:22:22.0681 2460  Number of processors: 4
22:22:22.0681 2460  Page size: 0x1000
22:22:22.0681 2460  Boot type: Normal boot
22:22:22.0681 2460  ============================================================
22:22:23.0430 2460  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:22:23.0430 2460  ============================================================
22:22:23.0430 2460  \Device\Harddisk0\DR0:
22:22:23.0430 2460  MBR partitions:
22:22:23.0430 2460  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
22:22:23.0430 2460  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
22:22:23.0445 2460  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
22:22:23.0445 2460  ============================================================
22:22:23.0477 2460  C: <-> \Device\Harddisk0\DR0\Partition2
22:22:23.0508 2460  D: <-> \Device\Harddisk0\DR0\Partition3
22:22:23.0508 2460  ============================================================
22:22:23.0508 2460  Initialize success
22:22:23.0508 2460  ============================================================
22:24:08.0829 0604  ============================================================
22:24:08.0829 0604  Scan started
22:24:08.0829 0604  Mode: Manual; SigCheck; TDLFS; 
22:24:08.0829 0604  ============================================================
22:24:09.0079 0604  ================ Scan system memory ========================
22:24:09.0079 0604  System memory - ok
22:24:09.0079 0604  ================ Scan services =============================
22:24:09.0297 0604  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
22:24:09.0406 0604  1394ohci - ok
22:24:09.0469 0604  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:24:09.0516 0604  ACPI - ok
22:24:09.0562 0604  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:24:09.0609 0604  AcpiPmi - ok
22:24:09.0718 0604  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:24:09.0750 0604  AdobeARMservice - ok
22:24:09.0828 0604  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
22:24:09.0874 0604  adp94xx - ok
22:24:09.0890 0604  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
22:24:09.0937 0604  adpahci - ok
22:24:09.0952 0604  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
22:24:09.0984 0604  adpu320 - ok
22:24:10.0015 0604  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:24:10.0140 0604  AeLookupSvc - ok
22:24:10.0202 0604  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
22:24:10.0249 0604  AFD - ok
22:24:10.0296 0604  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
22:24:10.0327 0604  agp440 - ok
22:24:10.0358 0604  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
22:24:10.0436 0604  ALG - ok
22:24:10.0483 0604  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
22:24:10.0514 0604  aliide - ok
22:24:10.0530 0604  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
22:24:10.0545 0604  amdide - ok
22:24:10.0592 0604  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
22:24:10.0623 0604  AmdK8 - ok
22:24:10.0639 0604  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
22:24:10.0701 0604  AmdPPM - ok
22:24:10.0748 0604  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:24:10.0779 0604  amdsata - ok
22:24:10.0810 0604  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
22:24:10.0857 0604  amdsbs - ok
22:24:10.0873 0604  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:24:10.0904 0604  amdxata - ok
22:24:11.0013 0604  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:24:11.0029 0604  AntiVirSchedulerService - ok
22:24:11.0076 0604  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:24:11.0107 0604  AntiVirService - ok
22:24:11.0138 0604  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
22:24:11.0263 0604  AppID - ok
22:24:11.0278 0604  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:24:11.0388 0604  AppIDSvc - ok
22:24:11.0434 0604  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
22:24:11.0512 0604  Appinfo - ok
22:24:11.0544 0604  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
22:24:11.0575 0604  arc - ok
22:24:11.0590 0604  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
22:24:11.0622 0604  arcsas - ok
22:24:11.0653 0604  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
22:24:11.0746 0604  AsyncMac - ok
22:24:11.0793 0604  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
22:24:11.0824 0604  atapi - ok
22:24:11.0902 0604  [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr            C:\windows\system32\DRIVERS\athrx.sys
22:24:12.0027 0604  athr - ok
22:24:12.0090 0604  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:24:12.0168 0604  AudioEndpointBuilder - ok
22:24:12.0183 0604  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
22:24:12.0277 0604  AudioSrv - ok
22:24:12.0370 0604  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
22:24:12.0402 0604  avgntflt - ok
22:24:12.0480 0604  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
22:24:12.0511 0604  avipbb - ok
22:24:12.0573 0604  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
22:24:12.0604 0604  avkmgr - ok
22:24:12.0636 0604  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
22:24:12.0745 0604  AxInstSV - ok
22:24:12.0792 0604  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
22:24:12.0870 0604  b06bdrv - ok
22:24:12.0916 0604  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
22:24:12.0979 0604  b57nd60a - ok
22:24:13.0041 0604  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
22:24:13.0104 0604  BDESVC - ok
22:24:13.0135 0604  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
22:24:13.0228 0604  Beep - ok
22:24:13.0306 0604  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
22:24:13.0416 0604  BFE - ok
22:24:13.0462 0604  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
22:24:13.0603 0604  BITS - ok
22:24:13.0634 0604  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
22:24:13.0681 0604  blbdrive - ok
22:24:13.0728 0604  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
22:24:13.0759 0604  bowser - ok
22:24:13.0790 0604  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
22:24:13.0821 0604  BrFiltLo - ok
22:24:13.0852 0604  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
22:24:13.0884 0604  BrFiltUp - ok
22:24:13.0915 0604  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
22:24:13.0977 0604  Browser - ok
22:24:14.0008 0604  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
22:24:14.0086 0604  Brserid - ok
22:24:14.0086 0604  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
22:24:14.0133 0604  BrSerWdm - ok
22:24:14.0164 0604  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
22:24:14.0227 0604  BrUsbMdm - ok
22:24:14.0242 0604  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
22:24:14.0274 0604  BrUsbSer - ok
22:24:14.0336 0604  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
22:24:14.0430 0604  BthEnum - ok
22:24:14.0461 0604  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
22:24:14.0508 0604  BTHMODEM - ok
22:24:14.0554 0604  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
22:24:14.0601 0604  BthPan - ok
22:24:14.0679 0604  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
22:24:14.0757 0604  BTHPORT - ok
22:24:14.0788 0604  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
22:24:14.0898 0604  bthserv - ok
22:24:14.0929 0604  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
22:24:14.0976 0604  BTHUSB - ok
22:24:15.0007 0604  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
22:24:15.0100 0604  cdfs - ok
22:24:15.0147 0604  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\drivers\cdrom.sys
22:24:15.0194 0604  cdrom - ok
22:24:15.0241 0604  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
22:24:15.0350 0604  CertPropSvc - ok
22:24:15.0381 0604  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
22:24:15.0444 0604  circlass - ok
22:24:15.0475 0604  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
22:24:15.0522 0604  CLFS - ok
22:24:15.0584 0604  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:15.0600 0604  clr_optimization_v2.0.50727_32 - ok
22:24:15.0678 0604  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:24:15.0693 0604  clr_optimization_v2.0.50727_64 - ok
22:24:15.0771 0604  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:15.0818 0604  clr_optimization_v4.0.30319_32 - ok
22:24:15.0849 0604  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:24:15.0880 0604  clr_optimization_v4.0.30319_64 - ok
22:24:15.0912 0604  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
22:24:15.0958 0604  CmBatt - ok
22:24:15.0990 0604  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
22:24:16.0005 0604  cmdide - ok
22:24:16.0068 0604  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
22:24:16.0114 0604  CNG - ok
22:24:16.0177 0604  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
22:24:16.0208 0604  Compbatt - ok
22:24:16.0255 0604  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
22:24:16.0286 0604  CompositeBus - ok
22:24:16.0302 0604  COMSysApp - ok
22:24:16.0333 0604  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
22:24:16.0364 0604  crcdisk - ok
22:24:16.0411 0604  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
22:24:16.0458 0604  CryptSvc - ok
22:24:16.0520 0604  [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm         C:\windows\system32\DRIVERS\ctxusbm.sys
22:24:16.0551 0604  ctxusbm - ok
22:24:16.0660 0604  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:24:16.0723 0604  cvhsvc - ok
22:24:16.0770 0604  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
22:24:16.0879 0604  DcomLaunch - ok
22:24:16.0910 0604  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
22:24:16.0988 0604  defragsvc - ok
22:24:17.0035 0604  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
22:24:17.0128 0604  DfsC - ok
22:24:17.0175 0604  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
22:24:17.0238 0604  Dhcp - ok
22:24:17.0269 0604  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
22:24:17.0362 0604  discache - ok
22:24:17.0409 0604  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
22:24:17.0440 0604  Disk - ok
22:24:17.0472 0604  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
22:24:17.0534 0604  Dnscache - ok
22:24:17.0581 0604  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
22:24:17.0690 0604  dot3svc - ok
22:24:17.0721 0604  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
22:24:17.0799 0604  DPS - ok
22:24:17.0846 0604  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
22:24:17.0877 0604  drmkaud - ok
22:24:17.0924 0604  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
22:24:18.0002 0604  DXGKrnl - ok
22:24:18.0033 0604  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
22:24:18.0142 0604  EapHost - ok
22:24:18.0236 0604  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
22:24:18.0423 0604  ebdrv - ok
22:24:18.0470 0604  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
22:24:18.0517 0604  EFS - ok
22:24:18.0595 0604  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
22:24:18.0688 0604  ehRecvr - ok
22:24:18.0720 0604  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
22:24:18.0766 0604  ehSched - ok
22:24:18.0829 0604  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
22:24:18.0876 0604  elxstor - ok
22:24:18.0907 0604  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
22:24:18.0954 0604  ErrDev - ok
22:24:19.0016 0604  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
22:24:19.0141 0604  EventSystem - ok
22:24:19.0156 0604  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
22:24:19.0250 0604  exfat - ok
22:24:19.0297 0604  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
22:24:19.0375 0604  fastfat - ok
22:24:19.0437 0604  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
22:24:19.0531 0604  Fax - ok
22:24:19.0562 0604  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
22:24:19.0578 0604  fdc - ok
22:24:19.0624 0604  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
22:24:19.0702 0604  fdPHost - ok
22:24:19.0734 0604  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
22:24:19.0812 0604  FDResPub - ok
22:24:19.0858 0604  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
22:24:19.0890 0604  FileInfo - ok
22:24:19.0905 0604  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
22:24:20.0014 0604  Filetrace - ok
22:24:20.0046 0604  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
22:24:20.0077 0604  flpydisk - ok
22:24:20.0108 0604  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
22:24:20.0139 0604  FltMgr - ok
22:24:20.0170 0604  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
22:24:20.0264 0604  FontCache - ok
22:24:20.0326 0604  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:24:20.0342 0604  FontCache3.0.0.0 - ok
22:24:20.0389 0604  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
22:24:20.0420 0604  FsDepends - ok
22:24:20.0467 0604  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
22:24:20.0498 0604  fssfltr - ok
22:24:20.0576 0604  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:24:20.0623 0604  fsssvc - ok
22:24:20.0670 0604  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
22:24:20.0701 0604  Fs_Rec - ok
22:24:20.0763 0604  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
22:24:20.0810 0604  fvevol - ok
22:24:20.0872 0604  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
22:24:20.0888 0604  gagp30kx - ok
22:24:20.0935 0604  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
22:24:21.0028 0604  gpsvc - ok
22:24:21.0044 0604  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
22:24:21.0106 0604  hcw85cir - ok
22:24:21.0153 0604  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:24:21.0216 0604  HdAudAddService - ok
22:24:21.0262 0604  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
22:24:21.0309 0604  HDAudBus - ok
22:24:21.0325 0604  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
22:24:21.0356 0604  HidBatt - ok
22:24:21.0372 0604  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
22:24:21.0418 0604  HidBth - ok
22:24:21.0450 0604  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
22:24:21.0481 0604  HidIr - ok
22:24:21.0496 0604  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
22:24:21.0590 0604  hidserv - ok
22:24:21.0652 0604  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
22:24:21.0684 0604  HidUsb - ok
22:24:21.0730 0604  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
22:24:21.0840 0604  hkmsvc - ok
22:24:21.0886 0604  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:24:21.0933 0604  HomeGroupListener - ok
22:24:21.0949 0604  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:24:21.0980 0604  HomeGroupProvider - ok
22:24:22.0027 0604  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
22:24:22.0042 0604  HpSAMD - ok
22:24:22.0074 0604  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:24:22.0183 0604  HTTP - ok
22:24:22.0214 0604  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:24:22.0245 0604  hwpolicy - ok
22:24:22.0292 0604  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
22:24:22.0308 0604  i8042prt - ok
22:24:22.0339 0604  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:24:22.0370 0604  iaStor - ok
22:24:48.0032 0604  wbengine - ok
22:24:48.0063 0604  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:24:48.0110 0604  WbioSrvc - ok
22:24:48.0141 0604  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:24:48.0204 0604  wcncsvc - ok
22:24:48.0204 0604  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:24:48.0250 0604  WcsPlugInService - ok
22:24:48.0282 0604  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
22:24:48.0297 0604  Wd - ok
22:24:48.0344 0604  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:24:48.0391 0604  Wdf01000 - ok
22:24:48.0406 0604  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:24:48.0500 0604  WdiServiceHost - ok
22:24:48.0500 0604  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:24:48.0547 0604  WdiSystemHost - ok
22:24:48.0594 0604  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
22:24:48.0656 0604  WebClient - ok
22:24:48.0687 0604  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:24:48.0781 0604  Wecsvc - ok
22:24:48.0781 0604  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:24:48.0890 0604  wercplsupport - ok
22:24:48.0906 0604  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
22:24:49.0015 0604  WerSvc - ok
22:24:49.0030 0604  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:24:49.0108 0604  WfpLwf - ok
22:24:49.0124 0604  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:24:49.0140 0604  WIMMount - ok
22:24:49.0171 0604  WinDefend - ok
22:24:49.0171 0604  WinHttpAutoProxySvc - ok
22:24:49.0233 0604  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:24:49.0311 0604  Winmgmt - ok
22:24:49.0389 0604  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
22:24:49.0561 0604  WinRM - ok
22:24:49.0639 0604  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
22:24:49.0670 0604  WinUsb - ok
22:24:49.0717 0604  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
22:24:49.0779 0604  Wlansvc - ok
22:24:49.0888 0604  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:24:50.0013 0604  wlidsvc - ok
22:24:50.0060 0604  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
22:24:50.0091 0604  WmiAcpi - ok
22:24:50.0107 0604  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:24:50.0154 0604  wmiApSrv - ok
22:24:50.0200 0604  WMPNetworkSvc - ok
22:24:50.0232 0604  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:24:50.0263 0604  WPCSvc - ok
22:24:50.0294 0604  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:24:50.0341 0604  WPDBusEnum - ok
22:24:50.0388 0604  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:24:50.0481 0604  ws2ifsl - ok
22:24:50.0512 0604  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
22:24:50.0575 0604  wscsvc - ok
22:24:50.0575 0604  WSearch - ok
22:24:50.0653 0604  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
22:24:50.0793 0604  wuauserv - ok
22:24:50.0824 0604  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:24:50.0871 0604  WudfPf - ok
22:24:50.0902 0604  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
22:24:50.0934 0604  WUDFRd - ok
22:24:50.0965 0604  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:24:51.0012 0604  wudfsvc - ok
22:24:51.0043 0604  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
22:24:51.0121 0604  WwanSvc - ok
22:24:51.0168 0604  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\windows\system32\DRIVERS\yk62x64.sys
22:24:51.0214 0604  yukonw7 - ok
22:24:51.0246 0604  ================ Scan global ===============================
22:24:51.0277 0604  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:24:51.0308 0604  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
22:24:51.0339 0604  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
22:24:51.0370 0604  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:24:51.0402 0604  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:24:51.0433 0604  [Global] - ok
22:24:51.0433 0604  ================ Scan MBR ==================================
22:24:51.0448 0604  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
22:24:52.0026 0604  \Device\Harddisk0\DR0 - ok
22:24:52.0026 0604  ================ Scan VBR ==================================
22:24:52.0026 0604  [ 377D7E08FDF136635779511095F2CA43 ] \Device\Harddisk0\DR0\Partition1
22:24:52.0026 0604  \Device\Harddisk0\DR0\Partition1 - ok
22:24:52.0057 0604  [ 3069FB983A4801A399A31386BA809A9B ] \Device\Harddisk0\DR0\Partition2
22:24:52.0057 0604  \Device\Harddisk0\DR0\Partition2 - ok
22:24:52.0072 0604  [ 81A569E96B7FF1D49D02F20C43D90D96 ] \Device\Harddisk0\DR0\Partition3
22:24:52.0088 0604  \Device\Harddisk0\DR0\Partition3 - ok
22:24:52.0088 0604  ============================================================
22:24:52.0088 0604  Scan finished
22:24:52.0088 0604  ============================================================
22:24:52.0104 2380  Detected object count: 1
22:24:52.0104 2380  Actual detected object count: 1
22:25:03.0663 2380  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:03.0663 2380  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip

31.01.2013, 13:27   #7
markusg
/// Malware-holic

Please open Avira, Administration, Quarantine, and post all detection messages including the path.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

31.01.2013, 21:18   #8
herrschmacko

Code:

Typ:	Datei
Quelle:	C:\Users\marijke\Downloads\Daten_23.01.2013.zip
Status:	Infiziert
Quarantäne-Objekt:	54eaa286.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	JA
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.236
Virendefinitionsdatei:	7.11.58.126
Meldung:	TR/Matsnu.EB.98
Datum/Uhrzeit:	24.01.2013, 13:34

02.02.2013, 19:22   #9
markusg
/// Malware-holic

Lucky.
Avira detected the thing inside the infected zip.

Download CCleaner standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt, open it.
After every program you need, write "notwendig" (needed).
After every one you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

03.02.2013, 13:28   #10
herrschmacko

Code:
Aangifte voor buitenlandse belastingplichtigen 2011	Belastingdienst	28.02.2012				notwendig		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	04.08.2010		10.0.42.34		notwendig		
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	29.12.2012	6,00MB	11.5.502.135		notwendig		
Adobe Reader XI - Deutsch	Adobe Systems Incorporated	27.12.2012	127MB	11.0.00			notwendig		
Anno 1701	Sunflowers	31.12.2011		1.02							notwendig		
Atheros Client Installation Program	Atheros	04.08.2010		1.0.5.0621				unbekannt
AudibleManager	Audible, Inc.	27.09.2012		2002992366.48.56.36441322				unbekannt	
Avira Free Antivirus	Avira	14.11.2012	108MB	12.1.9.1236						notwendig		
BatteryLifeExtender	Samsung	04.08.2010	31,5MB	1.0.5							unbekannt
CCleaner	Piriform	23.01.2013		3.27							notwendig		
Citrix Online Plug-in - Web	Citrix Systems, Inc.	10.01.2012		12.0.0.6410			unbekannt
CyberLink DVD Suite	CyberLink Corp.	04.08.2010	15,1MB	6.0.2806					unbekannt
CyberLink LabelPrint	CyberLink Corp.	04.08.2010	163MB	2.5.1916					unbekannt
CyberLink Power2Go	CyberLink Corp.	04.08.2010	120MB	6.0.3108a					unbekannt
CyberLink PowerDirector	CyberLink Corp.	04.08.2010	367MB	7.0.3213					unbekannt
CyberLink PowerDVD 8	CyberLink Corp.	04.08.2010	91,3MB	8.0.2815b					unbekannt
CyberLink PowerProducer	CyberLink Corp.	04.08.2010	297MB	5.0.1.1812					unbekannt		
CyberLink YouCam	CyberLink Corp.	19.04.2011	77,2MB	2.0.3911					unbekannt
dm-Fotowelt	CEWE COLOR AG u Co. OHG	02.02.2013	345MB	5.0.1						notwendig		
Dropbox	Dropbox, Inc.	26.01.2013		1.6.16								notwendig		
Easy Display Manager	Samsung Electronics Co., Ltd.	04.08.2010		3.2				unbekannt
Easy Network Manager	Samsung	04.08.2010	34,9MB	4.3.3							unbekannt		
Easy SpeedUp Manager	Samsung Electronics Co.,Ltd.	04.08.2010		3.0.0.5				unbekannt
EasyBatteryManager	Samsung	04.08.2010		4.0.0.4							unbekannt
Free FLV Converter V 7.0.0	Koyote Soft	08.09.2011	15,9MB	7.0.0.0					unbekannt
Huur- en zorgtoeslag 2011	Belastingdienst	25.08.2011							notwendig
Intel(R) PROSet/Wireless WiFi Software	Intel Corporation	04.08.2010	20,7MB	13.02.0000		unbekannt
Intel(R) Rapid Storage Technology	Intel Corporation	03.02.2013		9.6.3.1001		unbekannt
Intel(R) Turbo Boost Technology Driver	Intel Corporation	04.08.2010		01.02.00.1002		unbekannt
Java(TM) 6 Update 37	Oracle	06.10.2012	95,7MB	6.0.370											notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	27.01.2013	18,4MB	1.70.0.1100				notwendig
Marvell Miniport Driver	Marvell	04.08.2010		11.22.3.3										unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.05.2011	38,8MB	4.0.30319					unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.05.2011	2,93MB	4.0.30319			unbekannt
Microsoft Office 2010	Microsoft Corporation	04.08.2010	6,31MB	14.0.4763.1000								notwendig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	21.04.2011		14.0.4763.1000						notwendig
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	21.04.2011		14.0.4763.1000						notwendig
Microsoft Silverlight	Microsoft Corporation	12.05.2012	50,6MB	5.1.10411.0								unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	19.04.2011	1,72MB	3.1.0000					unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	01.05.2011	252KB	8.0.50727.4053		unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.61001					unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	30.08.2011	244KB	9.0.30729			unbekannt	
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	10.08.2011	594KB	9.0.30729.4148			unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	10.08.2011	600KB	9.0.30729.6161			unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	11.02.2012	16,5MB	10.0.40219			unbekannt
Miniplan 3.1.5	LucaNet AG	17.10.2012		3.1.5											notwendig
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	46,2MB	18.0.1										notwendig
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1										unbekannt			
NVIDIA Drivers	NVIDIA Corporation	04.08.2010		1.4										notwendig
Radmin Viewer 3.4	Famatech	02.06.2011	8,58MB	3.41.0000									unbekannt
RealPlayer	RealNetworks	20.03.2012													notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	04.08.2010		6.0.1.6003					notwendig	
REALTEK Wireless LAN Software	REALTEK Semiconductor Corp.	04.08.2010		0133.09.1202						notwendig
Samsung R-Series	Samsung	19.04.2011	24,2MB	1.0											notwendig
Samsung Recovery Solution 4	Samsung	04.08.2010		4.0.0.6										notwendig
Samsung Support Center	Samsung	04.08.2010	45,8MB	1.0.2											notwendig
Samsung Update Plus	Samsung Electronics Co., Ltd.	04.08.2010		2.0								notwendig
Skype Toolbars	Skype Technologies S.A.	04.08.2010	5,36MB	1.0.4051									unnötig					
Skype™ 6.0	Skype Technologies S.A.	05.12.2012	20,3MB	6.0.126										notwendig
SopCast 3.4.0	www.sopcast.com	13.09.2011		3.4.0											notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	04.08.2010		15.0.10.0						unbekannt
User Guide		04.08.2010		1.0												unbekannt
VLC media player 1.1.11	VideoLAN	27.08.2011		1.1.11										notwendig
Windows Live Essentials	Microsoft Corporation	19.04.2011		14.0.8117.0416								unbekannt
Windows Live ID Sign-in Assistant	Microsoft Corporation	04.08.2010	10,0MB	6.500.3165.0						unbekannt
Windows Live Sync	Microsoft Corporation	19.04.2011	2,79MB	14.0.8117.416								unbekannt
Windows Live-Uploadtool	Microsoft Corporation	19.04.2011	224KB	14.0.8014.1029								unbekannt
WISO Steuer 2011	Buhl Data Service GmbH	31.03.2012		18.00.6928								notwendig

04.02.2013, 10:11   #11
markusg
/// Malware-holic

Uninstall:
all Adobe Flash Player entries
Adobe - Adobe Flash Player installieren
download and install the latest version.
Adobe Reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
untick the McAfee Security Scan checkbox

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what is going on on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
AudibleManager
Free FLV
Java
Download the Java JRE:
Java-Downloads für alle Betriebssysteme
click:
Download der Java-Software für Windows Offline
download and install
Uninstall:
Radmin Viewer
Skype Toolbars
Windows Live: everything you do not need

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

04.02.2013, 22:16   #12
herrschmacko

Code:
# AdwCleaner v2.110 - Datei am 04/02/2013 um 23:14:07 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : marijke - MARIJKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\marijke\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\marijke\AppData\Roaming\Mozilla\Firefox\Profiles\g5vsxj7g.default\prefs.js

Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,groovesharkUnlocker%40over[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1000 octets] - [04/02/2013 23:14:07]

########## EOF - C:\AdwCleaner[R1].txt - [1060 octets] ##########

05.02.2013, 13:44   #13
markusg
/// Malware-holic

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Restart, then test how the PC and programs such as the browser are running.

06.02.2013, 00:31   #14
herrschmacko

Code:
# AdwCleaner v2.111 - Datei am 06/02/2013 um 01:27:52 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : marijke - MARIJKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\marijke\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\marijke\AppData\Roaming\Mozilla\Firefox\Profiles\g5vsxj7g.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,groovesharkUnlocker%40over[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1129 octets] - [04/02/2013 23:14:07]
AdwCleaner[S1].txt - [1062 octets] - [06/02/2013 01:27:52]

########## EOF - C:\AdwCleaner[S1].txt - [1122 octets] ##########

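Triage helper for the two AdwCleaner reports posted above (the search run R1 and the delete run S1), added here as an example and not part of this thread or of AdwCleaner itself: it parses the report layout shown in the posts (section banners, `-\\ Browser vX` blocks, `Datei :`, `Gefunden :`/`Gelöscht :` and `[OK]` lines) and checks that every entry the search run flagged was reported as removed by the delete run. The sample reports are constructed from the posted logs, with the empty blocks and blank lines dropped.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the AdwCleaner v2.11x search report (R1) posted in this
# thread; the add-on string is cut off with "[...]" exactly as it appears in the post.
REPORT_R1 = r"""# AdwCleaner v2.110 - Datei am 04/02/2013 um 23:14:07 erstellt
# Option [Suche]
**** [Dienste] ****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\marijke\AppData\Roaming\Mozilla\Firefox\Profiles\g5vsxj7g.default\prefs.js
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,groovesharkUnlocker%40over[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\marijke\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
"""
# Constructed delete-run report (S1): same layout, mode [Löschen], entries logged as "Gelöscht".
REPORT_S1 = REPORT_R1.replace("[Suche]", "[Löschen]").replace("Gefunden :", "Gelöscht :")


@dataclass
class Finding:
    section: str   # report section, e.g. "Internet Browser"
    browser: str   # browser block the entry belongs to ("" outside browser blocks)
    file: str      # preceding "Datei :" line ("" if none)
    action: str    # "Gefunden" in a search run, "Gelöscht" in a delete run
    item: str      # flagged pref / registry value / path


@dataclass
class Report:
    version: str = ""
    mode: str = ""                                 # "Suche" or "Löschen"
    findings: list = field(default_factory=list)   # Finding objects
    clean: list = field(default_factory=list)      # (browser, file) pairs reported [OK]


HEADER_RE = re.compile(r"^# AdwCleaner (v[\d.]+) ")
MODE_RE = re.compile(r"^# Option \[(\w+)\]")
SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v")          # matches the literal "-\\ Name vX" line
FILE_RE = re.compile(r"^Datei : (.+)$")
ITEM_RE = re.compile(r"^(Gefunden|Gelöscht) : (.+)$")
OK_RE = re.compile(r"^\[OK\] ")


def parse_report(text: str) -> Report:
    """Parse one AdwCleaner v2 report; blank lines and unknown lines are ignored."""
    rep = Report()
    section = browser = file = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            rep.version = m.group(1)
        elif m := MODE_RE.match(line):
            rep.mode = m.group(1)
        elif m := SECTION_RE.match(line):
            section, browser, file = m.group(1), "", ""
        elif m := BROWSER_RE.match(line):
            browser, file = m.group(1), ""
        elif m := FILE_RE.match(line):
            file = m.group(1)
        elif m := ITEM_RE.match(line):
            rep.findings.append(Finding(section, browser, file, m.group(1), m.group(2)))
        elif OK_RE.match(line):
            rep.clean.append((browser, file))
    return rep


def unremediated(search: Report, delete: Report) -> list:
    """Entries flagged by the search run that the delete run did not report as removed."""
    removed = {(f.file, f.item) for f in delete.findings if f.action == "Gelöscht"}
    return [f for f in search.findings if (f.file, f.item) not in removed]


if __name__ == "__main__":
    r1, s1 = parse_report(REPORT_R1), parse_report(REPORT_S1)
    for f in r1.findings:
        print(f"{f.action} in {f.browser} ({f.file}): {f.item[:60]}...")
    print("still open after delete run:", len(unremediated(r1, s1)))
```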
06.02.2013, 11:05   #15
markusg
/// Malware-holic

Please test how the PC and programs such as the browser are running.
